feat: introduce donation links in update flow#2581
Merged
Conversation
d386d3c to
491eca7
Compare
1721908 to
7eae0db
Compare
per1234
requested changes
Nov 27, 2024
7eae0db to
19cb517
Compare
per1234
requested changes
Nov 28, 2024
per1234
requested changes
Nov 28, 2024
19cb517 to
45a8a1d
Compare
per1234
requested changes
Nov 28, 2024
df1d944 to
19bf879
Compare
dankeboy36
reviewed
Nov 30, 2024
Comment on lines
+90
to
+98
| this.titleNode.innerHTML = nls.localize( | ||
| 'arduino/versionWelcome/titleWithVersion', | ||
| 'Welcome to the new Arduino IDE {0}!', | ||
| appVersion | ||
| ); | ||
| } |
Contributor
There was a problem hiding this comment.
The IDE might want to purify the HTML here for security reasons. One can submit an executable translation that will be merged without notice. dompurify is already available from Theia's dependencies.
yarn why dompurify
yarn why v1.21.1
[1/4] 🤔 Why do we have the module "dompurify"...?
[2/4] 🚚 Initialising dependency graph...
[3/4] 🔍 Finding dependency...
[4/4] 🚡 Calculating file sizes...
=> Found "dompurify@2.4.7"
info Reasons this module exists
- "_project_#arduino-ide-extension#@theia#core" depends on it
- Hoisted from "_project_#arduino-ide-extension#@theia#core#dompurify"
info Disk size without dependencies: "740KB"
info Disk size with unique dependencies: "740KB"
info Disk size with transitive dependencies: "740KB"
info Number of shared dependencies: 0
✨ Done in 1.05s.Pinning it in the package.json and purifying the HTML should not hurt. What do you think?
Collaborator
Author
There was a problem hiding this comment.
I've changed this specific statement to use innerText instead of innerHTML which was unnecessary.
This should already pretty be safe but I might keep the sanitizer anyway
Show donate dialog after the first time a first IDE version is loaded
Pin same version of `dompurify` used in Theia
df0229c to
08d83dc
Compare
|
Open source is love! I wonder who needs that feature? Lot of feature requests from end users? What is next? Add tracking and ads to IDE? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
IDEUpdaterDialogwith donate linkChange description
Other information
Reviewer checklist