okTurtles / group-income

A decentralized and private (end-to-end encrypted) financial safety net for you and your friends.
https://groupincome.org
GNU Affero General Public License v3.0
329 stars, 43 forks

Replace `alert` in login that use LError with `gi.ui/prompt` #2070

Open taoeffect opened 3 months ago

taoeffect commented 3 months ago

Problem

In #2069 I got this error:

tmp-1718390238728

This is clearly a problematic prompt as it shows HTML to the user instead of rendering it:

      console.error('gi.actions/identity/login failed!', e)
      const humanErr = L('Failed to login: {reportError}', LError(e))
      alert(humanErr)

EDIT: I just noticed this is a more widespread problem in the codebase, as this use of alert seems to exist in the contracts too:

tmp-1718396956352

IMPORTANT: the use of alert by itself isn't a problem, but when the message contains HTML - gi.ui/prompt must be used instead because only that can render it.

Solution

  1. Replace the call to alert with gi.ui/prompt
  2. Test by throwing an error during login and verify that the link is rendered correctly

Make 100% sure to test every alert that's replaced with gi.ui/prompt to verify it displays correctly.

If called from contracts, gi.ui/prompt will need to be whitelisted in main.js under allowedSelectors.
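
One way to locate the call sites this issue asks to be reviewed, as an added example that is not part of the original issue or the project's code: a line-based heuristic that flags `alert` calls whose message is built with `LError`. The helper names and the sample source (apart from the three lines quoted in the issue) are constructed for illustration.

```javascript
// Added example: heuristic, line-based audit for alert() calls whose message
// was built with LError(). It is not a parser and it ignores scoping.
const IDENT = /[A-Za-z_$][\w$]*/g
const ASSIGN = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(.*)$/
const ALERT = /\balert\s*\((.*)$/

// True if the expression calls LError() or mentions a variable derived from it.
function usesLError (expr, tainted) {
  if (/\bLError\s*\(/.test(expr)) return true
  return (expr.match(IDENT) || []).some(name => tainted.has(name))
}

// Returns [{ line, code }] for every alert() that receives LError() output.
function findLErrorAlerts (source) {
  const tainted = new Set() // variables assigned from an LError() expression
  const findings = []
  source.split('\n').forEach((text, i) => {
    const assign = ASSIGN.exec(text)
    if (assign && usesLError(assign[2], tainted)) tainted.add(assign[1])
    const call = ALERT.exec(text)
    if (call && usesLError(call[1], tainted)) {
      findings.push({ line: i + 1, code: text.trim() })
    }
  })
  return findings
}

// Constructed sample input; lines 4-6 are the snippet quoted in the issue.
const SAMPLE = [
  'try {',
  '  doLogin()',
  '} catch (e) {',
  "  console.error('gi.actions/identity/login failed!', e)",
  "  const humanErr = L('Failed to login: {reportError}', LError(e))",
  '  alert(humanErr)',
  '}',
  "alert(L('Saved!'))",
  "alert(L('Failed: {reportError}', LError(err)))"
].join('\n')

for (const f of findLErrorAlerts(SAMPLE)) console.log(`line ${f.line}: ${f.code}`)
```

Each reported line is a candidate for the replacement and still needs the manual display test the issue calls for.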

dotmacro commented 3 months ago

> I just noticed this is a more widespread problem in the codebase

Is the screenshot in #2051 another example?

taoeffect commented 3 months ago

> Is the screenshot in https://github.com/okTurtles/group-income/issues/2051 another example?

Yeah that could be another thing to boy-scout for this issue 👍