Merge branch 'windows-build-changes' of github.com:BSd3v/dash into windows-build-changes

Author: BSd3v

CHANGELOG.md

@@ -4,6 +4,10 @@ This project adheres to [Semantic Versioning](https://semver.org/).
 
 ## [UNRELEASED]
 
+## Fixed
+
+- [#2756](https://github.com/plotly/dash/pull/2756) Prevent false dangerous link warning. Fixes [#2743](https://github.com/plotly/dash/issues/2743)
+
 ## Changed
 
 - [#2734](https://github.com/plotly/dash/pull/2734) Configure CI for Python 3.10 [#1863](https://github.com/plotly/dash/issues/1863)

components/dash-core-components/package.json

@@ -19,7 +19,7 @@
     "private::lint.eslint": "eslint src",
     "private::lint.flake8": "flake8 --exclude=dash_core_components,node_modules,venv",
     "private::lint.prettier": "prettier --config .prettierrc src/**/*.js --list-different",
-    "prepublishOnly": "rimraf -rf lib && babel src --out-dir lib --copy-files --config-file ./.lib.babelrc && rimraf --glob -rf lib/jl/ lib/*.jl",
+    "prepublishOnly": "rimraf lib && babel src --out-dir lib --copy-files --config-file ./.lib.babelrc && rimraf --glob lib/jl/ lib/*.jl",
     "test": "run-s -c lint test:intg test:pyimport",
     "test:intg": "pytest --nopercyfinalize --headless tests/integration ",
     "test:pyimport": "python -m unittest tests/test_dash_import.py",

components/dash-core-components/src/components/Link.react.js

@@ -46,7 +46,9 @@ const Link = props => {
         refresh,
         setProps,
     } = props;
-    const sanitizedUrl = useMemo(() => sanitizeUrl(href), [href]);
+    const sanitizedUrl = useMemo(() => {
+        return href ? sanitizeUrl(href) : undefined;
+    }, [href]);
 
     const updateLocation = e => {
         const hasModifiers = e.metaKey || e.shiftKey || e.altKey || e.ctrlKey;
@@ -70,7 +72,7 @@ const Link = props => {
     };
 
     useEffect(() => {
-        if (sanitizedUrl !== href) {
+        if (sanitizedUrl && sanitizedUrl !== href) {
             setProps({
                 _dash_error: new Error(`Dangerous link detected:: ${href}`),
             });

components/dash-html-components/README.md

@@ -100,7 +100,7 @@ See the [contributing guide](CONTRIBUTING.md) for guidelines on contributing to
         ```
     2. Cleanup the dist folder (optional)
         ```
-        $ rimraf -rf dist
+        $ rimraf dist
         ```
     3. Publish on NPM (Optional if chosen False in `publish_on_npm`)
         ```

components/dash-html-components/package.json

@@ -13,7 +13,7 @@
   },
   "homepage": "https://github.com/plotly/dash",
   "scripts": {
-    "clean": "rimraf --glob -rf ./src/* && mkdirp ./src/components",
+    "clean": "rimraf --glob ./src/* && mkdirp ./src/components",
     "prebuild": "cd scripts && sh generate-all.sh && cd ../../",
     "extract": "cd scripts && sh extract-all.sh",
     "lint": "eslint src scripts",

dash/_validate.py

@@ -392,8 +392,11 @@ def validate_index(name, checks, index):
 def validate_layout_type(value):
     if not isinstance(value, (Component, patch_collections_abc("Callable"))):
         raise exceptions.NoLayoutException(
-            "Layout must be a dash component "
-            "or a function that returns a dash component."
+            """
+            Layout must be a single dash component
+            or a function that returns a dash component.
+            Cannot be a tuple (are there any trailing commas?)
+            """
         )
 
 

dash/dash-renderer/package.json

@@ -4,7 +4,7 @@
   "description": "render dash components in react",
   "main": "build/dash_renderer.min.js",
   "scripts": {
-    "prepublishOnly": "rimraf -rf lib && babel src --extensions=\".ts,.tsx,.js,.jsx\" --out-dir lib --copy-files",
+    "prepublishOnly": "rimraf lib && babel src --extensions=\".ts,.tsx,.js,.jsx\" --out-dir lib --copy-files",
     "private::format.eslint": "eslint --quiet --fix src tests",
     "private::format.prettier": "prettier --write \"{src,tests}/**/*.{js,jsx,ts,tsx}\"",
     "private::lint.eslint": "eslint src tests",

dash/dash-renderer/src/utils/TreeContainer.ts

@@ -61,8 +61,8 @@ export function validateComponent(componentDefinition: any) {
     if (type(componentDefinition) === 'Array') {
         throw new Error(
             'The children property of a component is a list of lists, instead ' +
-                'of just a list. ' +
-                'Check the component that has the following contents, ' +
+                'of just a list. This can sometimes be due to a trailing comma. ' +
+                'Check the component that has the following contents ' +
                 'and remove one of the levels of nesting: \n' +
                 JSON.stringify(componentDefinition, null, 2)
         );

tests/integration/security/test_xss.py

@@ -45,3 +45,16 @@ def test_xss001_banned_protocols(dash_duo):
         assert (
             element.get_attribute(prop) == "about:blank"
         ), f"Failed prop: {element_id}.{prop}"
+
+
+def test_xss002_blank_href(dash_duo):
+    app = Dash()
+
+    app.layout = html.Div(dcc.Link("dcc-link", href="", id="dcc-link-no-href"))
+
+    dash_duo.start_server(app)
+
+    element = dash_duo.find_element("#dcc-link-no-href")
+    assert element.get_attribute("href") is None
+
+    assert dash_duo.get_logs() == []