Closed fgrehm closed 2 years ago
While we are here, we might also drop jquery and simplify our JS too (or at least switch over to zepto)
I'd be down for simplifying the UI stuff. There was a PR a while back to remove the dependency on the asset pipeline, seems like this would be another step in the right direction.
I'm pretty swamped for the next week, but happy to review a PR or two, or jump on it myself after
> we might also drop jquery and simplify our JS too
FYI this came up in an internal security assessment / pentest of an application that included letter_opener_web:

> Dynamic testing of the Buildkite application revealed that it is using version 1.8.3 of the jQuery library. This version of jQuery has known security issues that, in some circumstances, can introduce cross-site scripting (XSS) vulnerabilities
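As an added example (not the project's code, and not posted by anyone in this thread): a small Node script that locates vendored jQuery builds by the version banner at the top of the file and flags any below a chosen floor, which is the kind of check that catches a finding like the one above before an assessment does. The file paths, their contents and the `3.5.0` floor are constructed assumptions for the demonstration; set the floor to whatever release closes the advisories your assessment cites.

```javascript
// Added example, not part of letter_opener_web: audit vendored jQuery copies
// by their banner comment and flag anything older than a chosen floor.
// Run with: node audit-jquery.js
// The file contents below are constructed samples, not real project files.

// Matches both the minified banner ("/*! jQuery v1.8.3 ...") and the
// unminified one (" * jQuery JavaScript Library v1.8.3").
const JQUERY_BANNER = /jQuery(?: JavaScript Library)? v(\d+\.\d+\.\d+)/;

// Extract the version string from the banner of a jQuery build.
// Returns null when the source does not look like a jQuery distribution.
function parseJqueryVersion(source) {
  const m = JQUERY_BANNER.exec(source);
  return m ? m[1] : null;
}

// Numeric, component-wise comparison so "1.10.0" sorts after "1.8.3"
// (a plain string comparison would get that wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// files: { path: contents }. Returns one finding per file that carries a
// jQuery banner, marking it outdated when it is below minimumVersion.
function auditJquery(files, minimumVersion) {
  const findings = [];
  for (const [path, contents] of Object.entries(files)) {
    const version = parseJqueryVersion(contents);
    if (version === null) continue;
    findings.push({
      path,
      version,
      outdated: compareVersions(version, minimumVersion) < 0,
    });
  }
  return findings;
}

// Constructed sample inputs mimicking the first lines of jQuery builds
// plus one unrelated asset that must be ignored.
const SAMPLE_FILES = {
  "vendor/assets/javascripts/jquery.js":
    "/*! jQuery v1.8.3 jquery.com | jquery.org/license */\n" +
    "(function(window, undefined){ /* ... */ })(window);",
  "vendor/assets/javascripts/jquery-3.6.0.min.js":
    "/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */\n" +
    "!function(e,t){}(window);",
  "vendor/assets/javascripts/app.js":
    "document.addEventListener('DOMContentLoaded', function () {});",
};

// Assumed floor for this example; choose the release that closes the
// advisories your own assessment cites.
const MINIMUM_VERSION = "3.5.0";

for (const f of auditJquery(SAMPLE_FILES, MINIMUM_VERSION)) {
  console.log(`${f.outdated ? "OUTDATED" : "ok      "} ${f.path} (jQuery ${f.version})`);
}
```

Point `SAMPLE_FILES` at the real contents of `vendor/assets/javascripts` (or wherever the gem's assets live) and the script reports each bundled jQuery with its version; the unrelated `app.js` produces no finding because it has no banner. The numeric comparison matters once a project moves past `1.9.x`, since `"1.10.0" < "1.8.3"` as strings.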
This is finally happening, see https://github.com/fgrehm/letter_opener_web/pull/113
Project is using a really old release of bootstrap (2.2.2), I think we should update to the latest release available or use another lightweight framework.
The project's UI is super simple that we could even just get away with a reset framework + a handful of styles.
cc @pseudomuto in case you have any thoughts (also sorry for the @ spam today, I'm using the gem on a few side projects now)