carbon-design-system / ibm-products

A Carbon-powered React component library for IBM Products
https://ibm-products.carbondesignsystem.com
Apache License 2.0

Handle CSP violations in PAL components #6177

Open amal-k-joy opened 1 month ago

amal-k-joy commented 1 month ago

Ensure PAL components are CSP compliant.

elycheea commented 1 month ago

@matthewgallo @amal-k-joy Do we think it makes more sense to address CSP issues for individual components or address them in one larger PR for a quicker resolution (but at the risk of more conflicts with other PRs)?

It does look like when the System team addressed these, it was mostly within one larger PR. Might still be worth breaking out some of the components if the fixes are more involved, but my feeling is that most might be able to be addressed in one go.

I think we can also exclude examples, **.stories.js, **.story.js, **.test.js, thumbnails/**.svg and probably mdx/docs-page as well. (Did I miss any?)

SVG might still be better to address a bit separately since it sounded like the fix for it might be more involved.

elycheea commented 1 month ago

Seeing ~34 files with the following exclusions:

src/**/**/**.stories.jsx, src/**/**/**.story.jsx, thumbnails/**.svg, examples/**, packages/core/*, **.test.js

I suggest we group the remaining fixes this way —

--

--

--

--

tom-youd commented 1 month ago

Please can NoDataEmptyState be added to the list please? I've noticed this component has inline style blocks.

elycheea commented 1 month ago

@tom-youd I believe this was covered in our SVG updates. Based on when the PR was merged, it should be included in our next release candidate (Monday, Oct 28^1).