Refactor Digital Specimen overview: Data cards #247
…-ds-overview-components
| .ds-card-citation { | ||
| max-height: var(--citation-content-spacing); | ||
| width: 100%; | ||
| background-color: #F2F3F8; |
Does this need a css var?
Yes!! Changed!
| justify-content: space-between; | ||
| margin-block-end: var(--spacing-l); | ||
|
|
||
| div { |
Using HTML tags, especially div, could lead to hard-to-find CSS bugs. Is this CSS specificity needed? Can't you use a class or attribute selector?
Yes, changed!!
| <div id="hero-title"> | ||
| <h1>{title}</h1> | ||
| {isHtml ? ( | ||
| <h1 dangerouslySetInnerHTML={{ __html: title }} /> |
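Review bot: on the `dangerouslySetInnerHTML={{ __html: title }}` line, `title` reaches the DOM as raw markup, and nothing in this hunk sanitizes it or limits when `isHtml` may be set. Sanitize `title` immediately before this sink, ideally allowing only the few inline tags a title needs, and keep the `<h1>{title}</h1>` text path as the default so that markup in `title` is only interpreted after it has been cleaned.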
Where does title come from? Is it generated by users or external systems? Because this can introduce injection vulnerabilities. If it is, then you need to sanitize it.
It is not generated by users, it is either a hardcoded title from me or data that comes from our own APIs. Do you recommend sanitizing it then and if so, how?
It is fine if it is your input. However, if it comes from your API then it depends where it originally comes from, so in that case I would recommend to sanitize it.
I have not done this myself, so I can't help much, but I would recommend to use a package since it is security related. But this package seems to be used a lot https://www.npmjs.com/package/dompurify
Ok, I've updated it with the package you mentioned. I saw it in multiple places as well. So I think it should be good. :)
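One way to apply the sanitization discussed in this thread, shown as an added example that is not the PR's own code. The component name `HeroTitle`, the `TITLE_POLICY` constant and the choice of allowed tags are assumptions; `title` and `isHtml` are the names from the hunk, and the code assumes it renders in the browser, where DOMPurify has a DOM to work with.

```jsx
// Added example, not the PR's code. HeroTitle and TITLE_POLICY are hypothetical names.
import { useMemo } from 'react';
import DOMPurify from 'dompurify';

// Assumption: an HTML title only needs inline formatting (for example an
// italicised scientific name), so every other tag and all attributes are dropped.
const TITLE_POLICY = {
  ALLOWED_TAGS: ['i', 'em', 'b', 'strong', 'sub', 'sup'],
  ALLOWED_ATTR: [], // no href, style or on* handlers survive
};

export function HeroTitle({ title, isHtml = false }) {
  // Sanitize right at the sink, so every caller is covered regardless of
  // whether the string was hardcoded or came back from an API.
  const safeHtml = useMemo(
    () => (isHtml ? DOMPurify.sanitize(String(title ?? ''), TITLE_POLICY) : ''),
    [title, isHtml],
  );

  return (
    <div id="hero-title">
      {isHtml ? (
        <h1 dangerouslySetInnerHTML={{ __html: safeHtml }} />
      ) : (
        // Plain strings go through React's normal text escaping.
        <h1>{title}</h1>
      )}
    </div>
  );
}
```

Sanitizing inside the component rather than at each call site means a new caller that passes `isHtml` cannot bypass the policy.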
|
|
||
| /** | ||
| * Renders a single row of data. | ||
| * If the value is missing/null, it returns null to hide the row. |
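Review bot: the doc comment's "missing/null" does not say which values count as missing. State whether `undefined`, an empty string, or a falsy but valid value such as `0` hides the row, so that callers can tell from the comment alone when a row will be omitted.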
When is it missing, is this normal behavior, or should it be logged so you can investigate it?
No, sometimes the data is just not there. Like for instance taxonomic data. It sometimes has a family, a genus etc, but not a species name for instance. Then we just don't show anything. So we do not have to investigate it, and only show the data that is available :)
|



In this PR:
Not in this PR:
Important: This page is not yet visible and routed to. But due to its size, we will merge parts of the page.
What it looks like:
