Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove non-locale uses of innerHTML and add CI script #6646

Merged
merged 1 commit into from
Sep 17, 2020
Merged

Remove non-locale uses of innerHTML and add CI script #6646

merged 1 commit into from
Sep 17, 2020

Conversation

diracdeltas
Copy link
Member

Resolves brave/brave-browser#11686

Submitter Checklist:

Test Plan:

The only new feature that this adds is a CI check for instances of innerHTML (not counting the ones set in localization). To check that, run npm run check_security.

This PR has a high risk of UI regressions, so QA should check for this. See brave/brave-browser#11686 for QA test steps.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@diracdeltas diracdeltas self-assigned this Sep 15, 2020
@diracdeltas diracdeltas mentioned this pull request Sep 15, 2020
Closed
32 tasks
@diracdeltas diracdeltas added CI/skip-android Do not run CI builds for Android CI/skip-ios Do not run CI builds for iOS labels Sep 15, 2020
@diracdeltas
Copy link
Member Author

@NejcZdovc the builds all failed on the init step, so i assume probably not related, but i've just restarted them

@diracdeltas
Remove non-locale uses of innerHTML
8d8b4f1 
and add npm script to check for Trusted Type violations. locale strings
will be fixed in a separate PR.

fix brave/brave-browser#11686
@diracdeltas
Copy link
Member Author

@NejcZdovc @petemill CI is looking good (can skip on android and iOS, i think). please take a look.

NejcZdovc
NejcZdovc approved these changes Sep 17, 2020
View reviewed changes
Copy link
Contributor

@NejcZdovc NejcZdovc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rewards code looks good

petemill
petemill approved these changes Sep 17, 2020
View reviewed changes
Copy link
Member

@petemill petemill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@diracdeltas diracdeltas merged commit c7985a0 into master Sep 17, 2020
@diracdeltas diracdeltas deleted the fix/innerHTML branch September 17, 2020 20:27
@diracdeltas diracdeltas added this to the 1.16.x - Nightly milestone Sep 17, 2020
@mariospr mariospr mentioned this pull request Sep 25, 2020
Open
@mariospr mariospr mentioned this pull request Oct 22, 2020
Merged
32 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@petemill petemill petemill approved these changes

@NejcZdovc NejcZdovc NejcZdovc approved these changes

Assignees

@diracdeltas diracdeltas

Labels
CI/skip-android Do not run CI builds for Android CI/skip-ios Do not run CI builds for iOS
Projects
None yet
Milestone
1.16.x - Release #1
Development

Successfully merging this pull request may close these issues.

remove all non-locale string instances of innerHTML
3 participants
@diracdeltas @petemill @NejcZdovc