Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: updated the custom expiration model design and truly blocking #1209

Merged
merged 1 commit into from
Oct 21, 2024
Merged

feat: updated the custom expiration model design and truly blocking #1209

merged 1 commit into from
Oct 21, 2024

Conversation

jajjibhai008
Copy link
Contributor

@jajjibhai008 jajjibhai008 commented Oct 17, 2024
edited
Loading

Description

  • Updated the custom expiration model design
  • Make that modal truly blocking
Screenshot 2024-10-17 at 3 35 51 PM

JIRA -> ENT-9616, ENT-9618

For all changes

  • Ensure adequate tests are in place (or reviewed existing tests cover changes)
  • Ensure English strings are marked for translation. See documentation for more details.

Only if submitting a visual change

  • Ensure to attach screenshots
  • Ensure to have UX team confirm screenshots

@jajjibhai008 jajjibhai008 force-pushed the eahmadjaved/ENT-9616-9618 branch 3 times, most recently from 5396302 to 47deed3 Compare October 17, 2024 12:07
@codecov Codecov
Copy link

codecov bot commented Oct 17, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.43%. Comparing base (6aaebbb) to head (2485230).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #1209   +/-   ##
=======================================
  Coverage   88.42%   88.43%           
=======================================
  Files         399      399           
  Lines        8502     8508    +6     
  Branches     2089     2096    +7     
=======================================
+ Hits         7518     7524    +6     
  Misses        941      941           
  Partials       43       43

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Base automatically changed from maham/ENT-9617 to master October 21, 2024 07:52
mahamakifdar19
mahamakifdar19 approved these changes Oct 21, 2024
View reviewed changes
Copy link
Contributor

@mahamakifdar19 mahamakifdar19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jajjibhai008 jajjibhai008 merged commit a9255e2 into master Oct 21, 2024
6 checks passed
@jajjibhai008 jajjibhai008 deleted the eahmadjaved/ENT-9616-9618 branch October 21, 2024 08:29
adamstankiewicz
adamstankiewicz reviewed Oct 22, 2024
View reviewed changes
src/components/expired-subscription-modal/index.jsx
Comment on lines +12 to +25
const onClickHandler = () => {
let url = customerAgreement?.urlForButtonInModal;

if (url) {
// Check if the URL starts with 'http://' or 'https://'
if (!url.startsWith('http://') && !url.startsWith('https://')) {
// Prepend 'https://' if the URL is missing the protocol
url = `https://${url}`;
}

// Navigate to the full URL
window.open(url, '_blank'); // Opening in a new tab
}
};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[curious] I wonder if this sort of validation around url formatting should live in the backend so when consuming the urls in the frontend, we could assume the URL is properly formatted with a protocol. This would simplify this frontend implementation and its associated tests by keeping less business logic in the frontend.

For example, when configuring the URL in Django Admin, if it's missing a protocol, could alternatively consider:

  • Raising a ValidationError in the clean method to prevent saving, and informing the user a protocol is required.
  • Do the above transform when saving the record, so it saves in the DB properly formatted.

Definitely an edge case but as is, if the configured URL is missing the protocol and does not support https, I believe this implementation would result in the link not working properly as it assumes https (which is a valid assumption).

src/components/expired-subscription-modal/index.jsx
</p>
</StandardModal>
{/* eslint-disable-next-line react/no-danger */}
<div dangerouslySetInnerHTML={{ __html: customerAgreement?.expiredSubscriptionModalMessaging }} />
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we want to use DomPurify.sanitize here (see a couple other places in this repo it's used). Ideally, we should be using it anytime using dangerouslySetInnerHTML to as a security measure to prevent unsafe HTML (e.g., script injection, XSS attacks, etc.).

I know we use dangerouslySetInnerHTML in a few other places without DomPurify.sanitize but it would be awesome if we can ensure DomPurify.sanitize was added in these other spots, too 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamstankiewicz adamstankiewicz adamstankiewicz left review comments

@mahamakifdar19 mahamakifdar19 mahamakifdar19 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jajjibhai008 @adamstankiewicz @mahamakifdar19