You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is clearly a problematic prompt as it shows HTML to the user instead of rendering it:
console.error('gi.actions/identity/login failed!',e)consthumanErr=L('Failed to login: {reportError}',LError(e))alert(humanErr)
EDIT: I just noticed this is a more widespread problem in the codebase, as this use of alert seems to exist in the contracts too:
IMPORTANT: the use of alert by itself isn't a problem, but when the message contains HTML - gi.ui/prompt must be used instead because only that can render it.
Solution
Replace the call to alert with gi.ui/prompt
Test by throwing an error during login and verify that the link is rendered correctly
Make 100% sure to test every alert that's replaced with gi.ui/prompt to verify it displays correctly.
If called from contracts, gi.ui/prompt will need to be whitelisted in main.js under allowedSelectors.
The text was updated successfully, but these errors were encountered:
taoeffect
changed the title
Replace alerts in login that use LError with gi.ui/prompt
Replace alert in login that use LError with gi.ui/promptJun 14, 2024
* replace one alert() to in-app prompt in identity contract
* replace more alert() in the login-flow with throw new GIErrorUIRuntimeError()
* make sure the prompt replaces alert() for error joining the general chatroom
* replace alert() from some more places
* error prompt for group-joinning error
* remove random error thrown on purpose
* update PR according to the feedbacks
Problem
In #2069 I got this error:
This is clearly a problematic prompt as it shows HTML to the user instead of rendering it:
EDIT: I just noticed this is a more widespread problem in the codebase, as this use of
alert
seems to exist in the contracts too:IMPORTANT: the use of
alert
by itself isn't a problem, but when the message contains HTML -gi.ui/prompt
must be used instead because only that can render it.Solution
alert
withgi.ui/prompt
Make 100% sure to test every
alert
that's replaced withgi.ui/prompt
to verify it displays correctly.If called from contracts,
gi.ui/prompt
will need to be whitelisted inmain.js
underallowedSelectors
.The text was updated successfully, but these errors were encountered: