feat: massive collaboratvie theming feature branch #31590
+20,055
−9,518
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Based on your review schedule, I'll hold off on reviewing this PR until it's marked as ready for review. If you'd like me to take a look now, comment
|
mistercrunch
force-pushed
the
template_less
branch
2 times, most recently
from
f1c7929 to
43452ff
Compare
mistercrunch
force-pushed
the
template_less
branch
from
97e182d to
0655910
Compare
mistercrunch
changed the title
mistercrunch
changed the title
mistercrunch
force-pushed
the
template_less
branch
from
1ca8e6e to
6c6532e
Compare
github-actions
bot
added
the
github_actions
mistercrunch
force-pushed
the
template_less
branch
2 times, most recently
from
003f992 to
1652452
Compare
mistercrunch
added a commit
that referenced
this pull request
Jan 14, 2025
Chiseling at #31590 and bringing what's atomically committable out of there. This simply adds eslint checks to pre-commit. Note that: - it requires having run `npm i` in superset-frontend - it's set up to NOT run in CI as part of the pre-commit validation workflow, since we run eslint more formally in another workflow Why doing this? Currently it's common to forget to run `npm run lint` prior to committing/pushing, so people can waste time waiting for CI to fail where it could be caught easily. It's nice to have pre-commit do the check itself because it will only evaluate the files that have changed, making it much faster than running a full lint run against all files.
mistercrunch
added a commit
that referenced
this pull request
Jan 14, 2025
…rt/e2e.ts While working on #31590, I noticed that `expect` was not properly imported. It was using it from global for some unknown reason.
mistercrunch
force-pushed
the
template_less
branch
from
1652452 to
f89a23b
Compare
github-actions
bot
removed
the
github_actions
mistercrunch
added a commit
that referenced
this pull request
Jan 15, 2025
Chiseling at #31590 that has gotten big / unruly, in this PR is a refactor of Alert-related components, going vanilla AntD. Also. Deprecating colors.alerts since it's ambiguous/redundant with warning/error and does not exist in antd-v5
mistercrunch
added a commit
that referenced
this pull request
Jan 16, 2025
Chiseling at #31590 that has gotten big / unruly, in this PR is a refactor of Alert-related components, going vanilla AntD. Also. Deprecating colors.alerts since it's ambiguous/redundant with warning/error and does not exist in antd-v5
mistercrunch
added a commit
that referenced
this pull request
Jan 16, 2025
Chiseling at #31590 that has gotten big / unruly, in this PR is a refactor of Alert-related components, going vanilla AntD. Also. Deprecating colors.alerts since it's ambiguous/redundant with warning/error and does not exist in antd-v5
mistercrunch
added a commit
that referenced
this pull request
Jan 18, 2025
Chiseling at #31590 that has gotten big / unruly, in this PR is a refactor of Alert-related components, going vanilla AntD. Also. Deprecating colors.alerts since it's ambiguous/redundant with warning/error and does not exist in antd-v5
mistercrunch
added a commit
that referenced
this pull request
Jan 18, 2025
Chiseling at #31590 that has gotten big / unruly, in this PR is a refactor of Alert-related components, going vanilla AntD. Also. Deprecating colors.alerts since it's ambiguous/redundant with warning/error and does not exist in antd-v5
7 tasks
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| // Kept as is for backwards compatibility with the old theme system / superset_config.py | ||
| link = ( | ||
| <GenericLink className="navbar-brand" to={brand.path}> | ||
| <img src={brand.icon} alt={brand.alt} /> |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
To fix the problem, we need to ensure that the brand.icon value is properly sanitized before being used in the src attribute of the img tag. This can be achieved by using a library like DOMPurify to sanitize the URL or by ensuring that the value is a safe URL.
- Import the
DOMPurifylibrary to sanitize thebrand.iconvalue. - Sanitize the
brand.iconvalue before using it in thesrcattribute of theimgtag. - Make changes in the
superset-frontend/src/features/home/Menu.tsxfile to implement the sanitization.
Suggested changeset
2
superset-frontend/src/features/home/Menu.tsx
| @@ -19,2 +19,3 @@ | ||
| import { useState, useEffect } from 'react'; | ||
| import DOMPurify from 'dompurify'; | ||
| import { styled, css, useTheme } from '@superset-ui/core'; | ||
| @@ -282,3 +283,3 @@ | ||
| <GenericLink className="navbar-brand" to={brand.path}> | ||
| <img src={brand.icon} alt={brand.alt} /> | ||
| <img src={DOMPurify.sanitize(brand.icon)} alt={brand.alt} /> | ||
| </GenericLink> | ||
| @@ -288,3 +289,3 @@ | ||
| <a className="navbar-brand" href={brand.path} tabIndex={-1}> | ||
| <img src={brand.icon} alt={brand.alt} /> | ||
| <img src={DOMPurify.sanitize(brand.icon)} alt={brand.alt} /> | ||
| </a> |
superset-frontend/package.json
Outside changed files
| @@ -219,3 +219,4 @@ | ||
| "use-query-params": "^1.1.9", | ||
| "yargs": "^17.7.2" | ||
| "yargs": "^17.7.2", | ||
| "dompurify": "^3.2.5" | ||
| }, |
This fix introduces these dependencies
| Package | Version | Security advisories |
| dompurify (npm) | 3.2.5 | None |
Copilot is powered by AI and may make mistakes. Always verify output.
| ); | ||
| } else { | ||
| link = ( | ||
| <a className="navbar-brand" href={brand.path} tabIndex={-1}> |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 days ago
To fix the problem, we need to ensure that the brand.path value is properly sanitized before being used in the href attribute. This can be achieved by using a library like DOMPurify to sanitize the value. We will import DOMPurify and use it to sanitize the brand.path value before rendering it in the href attribute.
Suggested changeset
2
superset-frontend/src/features/home/Menu.tsx
| @@ -19,2 +19,3 @@ | ||
| import { useState, useEffect } from 'react'; | ||
| import DOMPurify from 'dompurify'; | ||
| import { styled, css, useTheme } from '@superset-ui/core'; | ||
| @@ -287,3 +288,3 @@ | ||
| link = ( | ||
| <a className="navbar-brand" href={brand.path} tabIndex={-1}> | ||
| <a className="navbar-brand" href={DOMPurify.sanitize(brand.path)} tabIndex={-1}> | ||
| <img src={brand.icon} alt={brand.alt} /> |
superset-frontend/package.json
Outside changed files
| @@ -219,3 +219,4 @@ | ||
| "use-query-params": "^1.1.9", | ||
| "yargs": "^17.7.2" | ||
| "yargs": "^17.7.2", | ||
| "dompurify": "^3.2.5" | ||
| }, |
This fix introduces these dependencies
| Package | Version | Security advisories |
| dompurify (npm) | 3.2.5 | None |
Copilot is powered by AI and may make mistakes. Always verify output.
| } else { | ||
| link = ( | ||
| <a className="navbar-brand" href={brand.path} tabIndex={-1}> | ||
| <img src={brand.icon} alt={brand.alt} /> |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 days ago
To fix the problem, we need to ensure that the brand.icon value is properly sanitized before it is used in the img tag's src attribute. This can be achieved by using a library like DOMPurify to sanitize the value.
- Install the
DOMPurifylibrary. - Import
DOMPurifyin the relevant file. - Use
DOMPurifyto sanitize thebrand.iconvalue before using it in theimgtag.
Suggested changeset
2
superset-frontend/src/features/home/Menu.tsx
| @@ -282,3 +282,3 @@ | ||
| <GenericLink className="navbar-brand" to={brand.path}> | ||
| <img src={brand.icon} alt={brand.alt} /> | ||
| <img src={DOMPurify.sanitize(brand.icon)} alt={brand.alt} /> | ||
| </GenericLink> | ||
| @@ -288,3 +288,3 @@ | ||
| <a className="navbar-brand" href={brand.path} tabIndex={-1}> | ||
| <img src={brand.icon} alt={brand.alt} /> | ||
| <img src={DOMPurify.sanitize(brand.icon)} alt={brand.alt} /> | ||
| </a> |
superset-frontend/package.json
Outside changed files
| @@ -219,3 +219,4 @@ | ||
| "use-query-params": "^1.1.9", | ||
| "yargs": "^17.7.2" | ||
| "yargs": "^17.7.2", | ||
| "dompurify": "^3.2.5" | ||
| }, |
This fix introduces these dependencies
| Package | Version | Security advisories |
| dompurify (npm) | 3.2.5 | None |
Copilot is powered by AI and may make mistakes. Always verify output.
…#32705) Co-authored-by: Diego Pucci <[email protected]> Co-authored-by: Geido <[email protected]> Co-authored-by: Mehmet Salih Yavuz <[email protected]>
Co-authored-by: Maxime Beauchemin <[email protected]>
mistercrunch
changed the title
Co-authored-by: Maxime Beauchemin <[email protected]>
Co-authored-by: Maxime Beauchemin <[email protected]> Co-authored-by: Diego Pucci <[email protected]>
Co-authored-by: Geido <[email protected]>
Co-authored-by: Diego Pucci <[email protected]>
mistercrunch
added a commit
that referenced
this pull request
Apr 9, 2025
Recently looked into typescript's import `type` keyword and its implications. Turns out using it should have noticeable impacts on bundle size and memory usage (yeh!), and there's a nice lint rule for it. This PR is DRAFT and will be on hold until we merge the Theming branch to avoid a lot of conflicts. Note that: - there are north of 2k lint instance - `--fix` seems to cover most cases, short by 100-200 - unclear how much we'll save on bundle size, but clearly is good hygiene Let's pick this up after the great merge of #31590
mistercrunch
added a commit
that referenced
this pull request
Apr 9, 2025
Recently looked into typescript's import `type` keyword and its implications. Turns out using it should have noticeable impacts on bundle size and memory usage (yeh!), and there's a nice lint rule for it. This PR is DRAFT and will be on hold until we merge the Theming branch to avoid a lot of conflicts. Note that: - there are north of 2k lint instance - `--fix` seems to cover most cases, short by 100-200 - unclear how much we'll save on bundle size, but clearly is good hygiene Let's pick this up after the great merge of #31590
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Excuse the large PR, but this is fairly tangled up, and working on fixing up theming probably requires some massive PRs as it's really hard to proceed PR-by-PR - especially during the holiday break...
Introducing less handlebars templates
First. Clearly we should move away from
lessand commit to emotion/antd for theming Now deleting the less files is going to be difficult. In the meantime, I wanted to provide a way for less files to source from the main theme object. I decided to go with handlebars since that should be part of the build process.Considerations:
.lessfiles from the repo, and make sure they are dynamically generated on every builds. In the meantime I thought I'd leave them here, and we can instruct people to alter.less.hdsfiles and runnpm run compile-lesson demand, if/when altering the main themeLarge refactor - what's in this PR?
antdtheme tokenswhat's NOT in this PR? - yet to come
theme.antdreferencing in emotionThemeConfigas the theme setup, this will require more moving from legacy theme object to antdCompiling TODOs / visual bug as of 3/4/25
ok did a round of updates here, tackled some and left some TODOs in the list... thanks to @kgabryje and others for finding these issues!
antd-v5-related
these should fix themselves as we migrate the components to antd-v5