Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUGFIX beta] Change style deprecation to warning. #10711

Merged
merged 1 commit into from
Mar 26, 2015
Merged

[BUGFIX beta] Change style deprecation to warning. #10711

merged 1 commit into from
Mar 26, 2015

Conversation

rwjblue
Copy link
Member

@rwjblue rwjblue commented Mar 23, 2015

@rwjblue rwjblue added this to the 1.11.0 milestone Mar 23, 2015
stefanpenner
stefanpenner reviewed Mar 23, 2015
View reviewed changes
packages/ember-views/lib/attr_nodes/attr_node.js
@@ -15,6 +15,12 @@ export default function AttrNode(attrName, attrValue) {
this.init(attrName, attrValue);
}

export var styleWarning = 'Dynamic content in the `style` attribute is not escaped and may expose your application ' +
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems pretty verbose, I fear heavy signal-to-noise. I would be a fan of a single brief sentence and a link for more info.

unsafe use of style attribute bindings, please refer to: ....

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tomdale - Thoughts?

@rwjblue rwjblue force-pushed the update-style-warning branch 4 times, most recently from 6fd02d4 to 61b8acc Compare March 25, 2015 14:49
@stefanpenner
Copy link
Member

pinged @tomdale for his worth-smithing in slack.

@tomdale tomdale mentioned this pull request Mar 25, 2015
Merged
@tomdale
Copy link
Member

tomdale commented Mar 25, 2015

Let's change this to:

Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see http://emberjs.com/deprecations/v1.x/#toc_warning-when-binding-style-attributes.

@stefanpenner
Copy link
Member

still pretty long, but ultimately fine. Remember people may see a good number of these fly past

@rwjblue
Copy link
Member Author

rwjblue commented Mar 25, 2015

Updated

@ebryn
Copy link
Member

ebryn commented Mar 26, 2015

👍

rwjblue added a commit that referenced this pull request Mar 26, 2015
@rwjblue
Merge pull request #10711 from rwjblue/update-style-warning
d346ebb 
[BUGFIX beta] Change style deprecation to warning.
@rwjblue rwjblue merged commit d346ebb into emberjs:master Mar 26, 2015
@rwjblue rwjblue deleted the update-style-warning branch March 26, 2015 03:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.11.0
Development

Successfully merging this pull request may close these issues.
4 participants
@rwjblue @stefanpenner @tomdale @ebryn