Whitelist for SVG style attributes on data objects #333
Conversation
|
@kale-stew this is looking good. My only nitpick is that I'd like your sanitizeStyle method to live in the style util alongside the whitelist. Approved pending that change. |
|
@boygirl done 👍 |
src/victory-util/style.js
Outdated
| * @param {Object} data An object of user-input style attributes. | ||
| * @returns {Object} An object containing only valid style data. | ||
| */ | ||
| export const sanitizeStyleProps = function (data) { |
There was a problem hiding this comment.
I think this export is unnecessary, since you're exporting this method with your export default below
There was a problem hiding this comment.
I just want to add a quick note here - I was pairing with Kylie and noticed that we cannot use named imports from default exports. I'm unfamiliar with the project semantics, but is this intentional?
ie, removing export here but then using the named import { sanitizeStyleProps } from './style' will cause sanitizeStyleProps to be undefined.
It looks the the way to avoid that is to import the entire module and path to the method like this
Not sure if this is a bug, or intentional but wanted to alert you, or @ryan-roemer to it.
|
🎉 Looks good! |
sanitizeStylePropsis running all user-input style data against a whitelist of valid SVG attributes and returning an object that contains only valid styles, dropping the rest.Should resolve Victory Issue #610