@gitlab/ui 42.11.0 → 42.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -0
- package/dist/components/base/card/card.js +1 -1
- package/dist/directives/safe_html/safe_html.js +1 -0
- package/dist/index.css.map +1 -1
- package/dist/utility_classes.css +1 -1
- package/dist/utility_classes.css.map +1 -1
- package/dist/utils/test_utils.js +4 -0
- package/package.json +5 -5
- package/src/components/base/card/card.vue +2 -2
- package/src/directives/safe_html/safe_html.js +5 -1
- package/src/directives/safe_html/safe_html.spec.js +27 -0
- package/src/scss/utilities.scss +0 -6
- package/src/scss/utility-mixins/spacing.scss +0 -5
- package/src/utils/test_utils.js +4 -0
package/dist/utils/test_utils.js
CHANGED
|
@@ -23,6 +23,10 @@ const getResetAnimationsCSS = () => `
|
|
|
23
23
|
-ms-animation: none !important;
|
|
24
24
|
-o-animation: none !important;
|
|
25
25
|
animation: none !important;
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
input, textarea {
|
|
29
|
+
caret-color: transparent !important;
|
|
26
30
|
}`;
|
|
27
31
|
|
|
28
32
|
export { getResetAnimationsCSS, setStoryTimeout, waitForAnimationFrame };
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@gitlab/ui",
|
|
3
|
-
"version": "42.
|
|
3
|
+
"version": "42.13.1",
|
|
4
4
|
"description": "GitLab UI Components",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -81,9 +81,9 @@
|
|
|
81
81
|
"@arkweid/lefthook": "0.7.7",
|
|
82
82
|
"@babel/core": "^7.10.2",
|
|
83
83
|
"@babel/preset-env": "^7.10.2",
|
|
84
|
-
"@gitlab/eslint-plugin": "
|
|
84
|
+
"@gitlab/eslint-plugin": "13.0.0",
|
|
85
85
|
"@gitlab/stylelint-config": "4.1.0",
|
|
86
|
-
"@gitlab/svgs": "2.
|
|
86
|
+
"@gitlab/svgs": "2.25.0",
|
|
87
87
|
"@rollup/plugin-commonjs": "^11.1.0",
|
|
88
88
|
"@rollup/plugin-node-resolve": "^7.1.3",
|
|
89
89
|
"@rollup/plugin-replace": "^2.3.2",
|
|
@@ -105,10 +105,10 @@
|
|
|
105
105
|
"bootstrap": "4.5.3",
|
|
106
106
|
"cypress": "^6.6.0",
|
|
107
107
|
"emoji-regex": "^10.0.0",
|
|
108
|
-
"eslint": "8.
|
|
108
|
+
"eslint": "8.19.0",
|
|
109
109
|
"eslint-import-resolver-jest": "3.0.2",
|
|
110
110
|
"eslint-plugin-cypress": "2.12.1",
|
|
111
|
-
"eslint-plugin-storybook": "0.5.
|
|
111
|
+
"eslint-plugin-storybook": "0.5.13",
|
|
112
112
|
"file-loader": "^4.2.0",
|
|
113
113
|
"glob": "^7.2.0",
|
|
114
114
|
"identity-obj-proxy": "^3.0.0",
|
|
@@ -32,7 +32,7 @@ export default {
|
|
|
32
32
|
|
|
33
33
|
<template>
|
|
34
34
|
<div class="gl-card">
|
|
35
|
-
<div v-if="$
|
|
35
|
+
<div v-if="$scopedSlots.header" class="gl-card-header" :class="headerClass">
|
|
36
36
|
<!-- @slot The card's header content. -->
|
|
37
37
|
<slot name="header"></slot>
|
|
38
38
|
</div>
|
|
@@ -40,7 +40,7 @@ export default {
|
|
|
40
40
|
<!-- @slot The card's main content. -->
|
|
41
41
|
<slot></slot>
|
|
42
42
|
</div>
|
|
43
|
-
<div v-if="$
|
|
43
|
+
<div v-if="$scopedSlots.footer" class="gl-card-footer" :class="footerClass">
|
|
44
44
|
<!-- @slot The card's footer content. -->
|
|
45
45
|
<slot name="footer"></slot>
|
|
46
46
|
</div>
|
|
@@ -6,7 +6,11 @@ import { forbiddenDataAttrs } from './constants';
|
|
|
6
6
|
// See https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/1782
|
|
7
7
|
// and https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/2127
|
|
8
8
|
// for more details.
|
|
9
|
-
const DEFAULT_CONFIG = {
|
|
9
|
+
const DEFAULT_CONFIG = {
|
|
10
|
+
RETURN_DOM_FRAGMENT: true,
|
|
11
|
+
ALLOW_UNKNOWN_PROTOCOLS: true,
|
|
12
|
+
FORBID_ATTR: [...forbiddenDataAttrs],
|
|
13
|
+
};
|
|
10
14
|
|
|
11
15
|
const transform = (el, binding) => {
|
|
12
16
|
if (binding.oldValue !== binding.value) {
|
|
@@ -2,6 +2,17 @@ import { shallowMount } from '@vue/test-utils';
|
|
|
2
2
|
import { forbiddenDataAttrs } from './constants';
|
|
3
3
|
import { SafeHtmlDirective as safeHtml } from './safe_html';
|
|
4
4
|
|
|
5
|
+
/* eslint-disable no-script-url */
|
|
6
|
+
const invalidProtocolUrls = [
|
|
7
|
+
'javascript:alert(1)',
|
|
8
|
+
'jAvascript:alert(1)',
|
|
9
|
+
'data:text/html,<script>alert(1);</script>',
|
|
10
|
+
' javascript:',
|
|
11
|
+
'javascript :',
|
|
12
|
+
];
|
|
13
|
+
/* eslint-enable no-script-url */
|
|
14
|
+
const validProtocolUrls = ['slack://open', 'x-devonthink-item://90909', 'x-devonthink-item:90909'];
|
|
15
|
+
|
|
5
16
|
describe('safe html directive', () => {
|
|
6
17
|
let wrapper;
|
|
7
18
|
|
|
@@ -46,6 +57,22 @@ describe('safe html directive', () => {
|
|
|
46
57
|
expect(wrapper.html()).toEqual('<div>hello world</div>');
|
|
47
58
|
});
|
|
48
59
|
|
|
60
|
+
describe('with non-http links', () => {
|
|
61
|
+
it.each(validProtocolUrls)('should allow %s', (url) => {
|
|
62
|
+
createComponent({
|
|
63
|
+
html: `<a href="${url}">internal link</a>`,
|
|
64
|
+
});
|
|
65
|
+
expect(wrapper.html()).toContain(`<a href="${url}">internal link</a>`);
|
|
66
|
+
});
|
|
67
|
+
|
|
68
|
+
it.each(invalidProtocolUrls)('should not allow %s', (url) => {
|
|
69
|
+
createComponent({
|
|
70
|
+
html: `<a href="${url}">internal link</a>`,
|
|
71
|
+
});
|
|
72
|
+
expect(wrapper.html()).toContain(`<a>internal link</a>`);
|
|
73
|
+
});
|
|
74
|
+
});
|
|
75
|
+
|
|
49
76
|
describe('handles data attributes correctly', () => {
|
|
50
77
|
const acceptedDataAttrs = ['data-safe', 'data-random'];
|
|
51
78
|
|
package/src/scss/utilities.scss
CHANGED
|
@@ -6178,12 +6178,6 @@
|
|
|
6178
6178
|
.gl-gap-6\! {
|
|
6179
6179
|
gap: $gl-spacing-scale-6 !important;
|
|
6180
6180
|
}
|
|
6181
|
-
.gl-grid-gap-6 {
|
|
6182
|
-
gap: $gl-spacing-scale-6;
|
|
6183
|
-
}
|
|
6184
|
-
.gl-grid-gap-6\! {
|
|
6185
|
-
gap: $gl-spacing-scale-6 !important;
|
|
6186
|
-
}
|
|
6187
6181
|
.gl-xs-mb-3 {
|
|
6188
6182
|
@include gl-media-breakpoint-down(sm) {
|
|
6189
6183
|
margin-bottom: $gl-spacing-scale-3;
|