New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DSP-551 Migrate sanitization pipes from BEOL #158
base: main
Are you sure you want to change the base?
Conversation
…ith minimal unit tests
@flavens I've migrated the pipes but I have some questions:
|
Good point. @SepidehAlassi created them. She should answer you because she knows how to use them. |
|
Regarding the first point, to me, "sanitize" means to remove potentially harmful code from the provided string but in the case of these pipes, they're used to tell Angular "don't sanitize these strings, they're fine". Unless I'm missing something, these pipes are used to bypass Angular's built-in sanitization which is also stated in the documentation you linked: "In specific situations, it might be necessary to disable sanitization, for example if the application genuinely needs to produce a javascript: style link with a dynamic value in it. Users can bypass security by constructing a value with one of the bypassSecurityTrust... methods, and then binding to that value from the template." For the second point, I will combine the two |
…named the files and folder structure
Honestly, it does not make any difference for me what its name is. Please choose whatever you think is better. The important thing for me is that they are correctly used later in BEOL. |
@flavens I know this PR isn't really a priority but should we try to merge it during sprint 15 so we can close this? There's just a simple merge conflict to fix. |
yes it is ready, we have to merge it soon |
Wanted to help by resolving easy conflict in Action Module. However I've messed up a bit, managed to fix it and seems all back to green now. I also see that in the module exist imports of deprecated pipes: ReversePipe and SortByPipe. Should be those also removed or you keep them for some reason? |
We have decided to keep deprecated methods/pipes/directives for some time in order to avoid breaking changes. |
closes https://dasch.myjetbrains.com/youtrack/issue/DSP-551
uses js-lib v1.0.0-rc.9 & dsp-api rc.12