Skip to content

[Docs Site] Use Tippy.js for footnotes #17357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 9, 2024
Merged

[Docs Site] Use Tippy.js for footnotes #17357

merged 4 commits into from
Oct 9, 2024

Conversation

@KianNH
Copy link
Member

@KianNH KianNH commented Oct 7, 2024

Summary

Use Tippy.js for footnotes

Screenshots (optional)

Before:
image

After:
image

@github-actions github-actions bot added the size/m label Oct 7, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 7, 2024
View reviewed changes
src/scripts/mermaid.ts
mermaid.initialize({ startOnLoad: false, theme });
await mermaid
.render(`mermaid-${crypto.randomUUID()}`, def)
.then(({ svg }) => (diagram.innerHTML = svg));

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI about 1 year ago

To fix the problem, we need to ensure that the content being inserted into innerHTML is properly sanitized. Since the mermaid.render function is used to generate the SVG content, we should ensure that this content is safe. If mermaid does not guarantee the safety of its output, we should sanitize the SVG content before inserting it into the DOM.

The best way to fix this without changing existing functionality is to use a library like DOMPurify to sanitize the SVG content before setting it as innerHTML. This ensures that any potentially harmful content is removed.

Suggested changeset 2
src/scripts/mermaid.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/scripts/mermaid.ts b/src/scripts/mermaid.ts
--- a/src/scripts/mermaid.ts
+++ b/src/scripts/mermaid.ts
@@ -1,2 +1,3 @@
 import mermaid from "mermaid";
+import DOMPurify from "dompurify";
 
@@ -22,3 +23,3 @@
 			.render(`mermaid-${crypto.randomUUID()}`, def)
-			.then(({ svg }) => (diagram.innerHTML = svg));
+			.then(({ svg }) => (diagram.innerHTML = DOMPurify.sanitize(svg)));
 
EOF
@@ -1,2 +1,3 @@
import mermaid from "mermaid";
import DOMPurify from "dompurify";

@@ -22,3 +23,3 @@
.render(`mermaid-${crypto.randomUUID()}`, def)
.then(({ svg }) => (diagram.innerHTML = svg));
.then(({ svg }) => (diagram.innerHTML = DOMPurify.sanitize(svg)));

package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -85,3 +85,6 @@
 		"node": "22.8.0"
-	}
+	},
+	"dependencies": {
+    "dompurify": "^3.1.7"
+  }
 }
EOF
@@ -85,3 +85,6 @@
"node": "22.8.0"
}
},
"dependencies": {
"dompurify": "^3.1.7"
}
}
This fix introduces these dependencies
Package Version Security advisories
dompurify (npm) 3.1.7 None
Copilot is powered by AI and may make mistakes. Always verify output.
@KianNH
Copy link
Member Author

KianNH commented Oct 7, 2024

Closes #16250

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Oct 7, 2024
edited
Loading

Deploying cloudflare-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 1e454fd
Status: ✅  Deploy successful!
Preview URL: https://038f916d.cloudflare-docs-7ou.pages.dev
Branch Preview URL: https://kian-pcx-13959.cloudflare-docs-7ou.pages.dev

View logs

@KianNH KianNH requested a review from crwaters16 as a code owner October 7, 2024 12:09
@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2024

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/style-guide/components/footnotes/ https://kian-pcx-13959.cloudflare-docs-7ou.pages.dev/style-guide/components/footnotes/

@KianNH KianNH merged commit a528d9b into production Oct 9, 2024
1 check passed
@KianNH KianNH deleted the kian/PCX-13959 branch October 9, 2024 09:06
elithrar pushed a commit that referenced this pull request Oct 15, 2024
@KianNH @elithrar
[Docs Site] Use Tippy.js for footnotes (#17357)
ba94832 
* [Docs Site] Use Tippy.js for footnotes

* tabindex/hover cutoff fixes

* update style guide link to lib

* new fnref styling
maheshwarip pushed a commit that referenced this pull request Dec 2, 2024
@KianNH @maheshwarip
[Docs Site] Use Tippy.js for footnotes (#17357)
7dd3a8b 
* [Docs Site] Use Tippy.js for footnotes

* tabindex/hover cutoff fixes

* update style guide link to lib

* new fnref styling
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marciocloudflare marciocloudflare marciocloudflare approved these changes

@kristianfreeman kristianfreeman Awaiting requested review from kristianfreeman

@pedrosousa pedrosousa Awaiting requested review from pedrosousa

@haleycode haleycode Awaiting requested review from haleycode

@maxvp maxvp Awaiting requested review from maxvp

@GregBrimble GregBrimble Awaiting requested review from GregBrimble

@WalshyDev WalshyDev Awaiting requested review from WalshyDev

@crwaters16 crwaters16 Awaiting requested review from crwaters16

Assignees

@pedrosousa pedrosousa

@kristianfreeman kristianfreeman

@maxvp maxvp

@GregBrimble GregBrimble

@WalshyDev WalshyDev

@marciocloudflare marciocloudflare

@haleycode haleycode

Labels

product:style-guide size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@KianNH @marciocloudflare @pedrosousa @kristianfreeman @maxvp @GregBrimble @WalshyDev @haleycode