Open saschanaz opened 4 years ago
@marcoscaceres Candidate for good first issue? 👀
I think so! We just need to make them super easy to find, and really clear how to fix them.
Do we want to keep conf.*HTML
e.g. conf.wgHTML
or not?
I don't think so... those are all part of the "override" tag'ed tasks.
I don't think so... those are all part of the "override" tag'ed tasks.
You mean you want to remove the overriding things? GitHub search shows only one use of wgHTML
which is marked as old 👀
Maybe we can just entirely remove that.
What I mean is, for a lot of things that insert html from config
, authors should be actually writing those things directly in the document. There are whole bunch of these:
https://github.com/w3c/respec/issues?q=is%3Aissue+is%3Aopen+label%3AOverride
Right, just like how additional SOTD contents are processed.
I would be glad to try to solve this issue.
Hello @deepesh-ludhyani, I'm assigning you for this issue then! Feel free to ask questions whenever needed. 👍
@saschanaz if no one is working on this, shall I try to solve this issue
@deepesh-ludhyani Are you working on this?
@saschanaz I am starting to work on this issue
Can you confirm if I have understood the issue correctly
Please confirm if have to convert
to
<li> <a href="${href}"> ${testFileName} </a> ${emojiList} </li>
@SuyashSalampuria No, that one is fine. What do we want is that we replace normal JavaScript strings into hyperHTML templated string so that we get all of its feature including escaping.
So for example:
const element = `<p>${content}</p>`;
Should be:
const element = html`<p>${content}</p>`;
...although it'll be more complex than this.
@saschanaz, as this is security critical, I'd be more comfortable if you were working on it.
I have tried my best to understand the problem and solve it. Although, this was my first contribution to open source. Please tell me if I have understood the problem correctly and solved it as required
@saschanaz, can I take this issue? or anyone else is working on it?
Several are already removed by others, not sure whether there is a remaining. If you can find one, please do.
I did not find any in src/w3c, src/ui and, src/geonovum any other directories to look for? otherwise, the issue is resolved I guess
One consensus in #2548 is that we should remove raw string interpolations. Now we can easily remove them since the PR found all the raw things 🎉
raw(
and all of them are raw string interpolations. There are 21 matches as of now.Node
orElement
elements, e.g.html`<var>${str}</var>`