ESlint seems to be very clear; it wants a valid link to be used inside the anchor tag. But I want to use it this way and I don't want to replace this anchor with a button or something else.
Also, the warning is not persistent. Sometimes it disappears. What I want to know is why is this happening? What is wrong with using an anchor without a reference actually ?
Warning comes from the following piece of code.
<a
key={randKey}
className="list-icons-item"
data-action={this.props.headerElements[i]}>
</a>
How can I disable this warning or what is the best practice ?
The question poses a simple example of a complex problem. If the intent of the code is to focus this.props.headerElements[i], then give this.props.headerElements[i] an ID and reference that id in the href of the link. Let the default behavior do its job. No further script logic is required.
If there is no navigation involved, then, as #Andy points out, the anchor is not suitable. Use a button as the documentation for the rule emphatically recommends.
When a control looks like a link and navigates off the page or changes focus on the page, a link is the semantically correct choice, per WAI ARIA specifications. If what you need to focus will be shown as part of your click handler logic, then you may find the ESlint jsx-a11y anchor-is-valid warning counterproductive. In that case, you are best served using an anchor with explicit role and tabindex attributes and suppressing the rule or turning it off in your .eslintrc file as #Andy also mentions above.
<a
role="link"
tabIndex="0"
key={randKey}
className="list-icons-item"
data-action={this.props.headerElements[i]}>
There are costs when semantics diverge from appearance. Consider a blind user calling your web application's help desk and being directed to click a link but hearing only a button announced in the screen reader. Consider a user who has only partial sight encountering a control which looks like a link and functions like a link but is marked up as a button. The user will hear one thing announced in the screen reader and see something else.
These trade offs need to be considered early in life cycle of your project so you can be consistent with your treatment throughout your application.
Related
This has happened to me a couple times. Using something like an <img> tag, or <br>. Basically any HTML void element. Just today I attempted to use a <br>, and when saving got this:
Am I missing something?
Is there a reason for this?
Are void elements not intended for use in visualforce pages or components?
Or is this just flawed syntax checking?
Can be very frustrating at times, I ended up adding a false tag the other day because I realized it wouldn't be rendered and it was the only way to save my page...
P.S. I'm sorry if this has an easily accessible answer. I think I looked a reasonable amount, but not as much as usual before posting a question. Just couldn't even find search terms to get me close to something relevant.
Visualforce must be a valid XML document. Not HTML (which permits <img> without closing), not XHTML (because if you add any <apex:... tags not defined by W3C officially it's not a html document anymore, at least until it gets compiled and output becomes pure html0.
So you need <img> ... </img> or self-closing version, <img />.
In a way Lightning Web Components are even worse, self-closing doesn't work. Has to be explicit "end tag".
As to why... probably for easier ability to parse it as a valid document? I suspect they did it also for easier PDF generation.
This isn't exactly same topic but close enough I could find in reasonable time: https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_styling_doctype.htm
I'm editing an existing code that has a lot of angular js expressions which are being detected as unsafe by our automated testing system. I was able to see the article below that describes my case, but I was not able to get any specific way to solve it (I'm mostly seeing $watch and $apply). I guess what I need to know here is where do I make changes on the code?
Related links:
http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html
https://docs.angularjs.org/guide/security#angularjs-templates-and-expressions
Sample snippets on my code:
Your code looks perfectly fine. I think what you're missing is the "passing user provided content" portion of that warning.
In the first example the only thing you are passing to $apply is a function that YOU have defined, same as the second example. In the last example you don't pass anything to $apply.
The reason they have these warnings is because $apply can be passed a string to evaluate an expression on $scope.
In the same way that
{{$scope.hello = 'Hello, World'}}
will set the hello property of $scope
$scope.$apply('hello = "Hello, World"')
Will do exactly the same. now imagine you pass user defined content to this
$scope.$apply(userPassedString)
Now you have given a user the ability to run arbitrary javascript expressions in your apply function.
To see exactly what I mean by this (and how this is exploitable), I have created a codepen demo for you here: https://codepen.io/codymikol/pen/bGbzbvp
(You'll have to scroll down in the HTML to see the script, I was lazy and din't link it as a separate JS file \_('__')_/
Also if you REALLY want to understand how the above snippet is able to function (and where I learned about getting the function constructor in such a way) you should watch this video by liveoverflow: https://www.youtube.com/watch?v=DkL3jaI1cj0
This was made back when the AngularJS team was trying to create a sandbox around scope expressions to prevent XSS. There are a bunch of videos detailing different exploits people used to get around the sandbox. Because of how complicated creating a sandbox is and how often it was being exploited they decided to remove it entirely and just warn developers about passing user content in such a way.
Anyone know what is the problem? Each post is a component on its own. When I click the comment button of the second post, the comment box on the first post appear instead.
You code showing that you have written code for like and unlike a post in you Post component. The code is common for all posts. Try to create a separate component for like section.
See this SO for a similar example: React toggle like button
For those who might come across this thread later, I haven't found any valid solution by now. Thus, how I solve this is kinda a bit hacky and might cost a lot of time if your app is quite complex. I added id(not HTML id) to each post and loop through each post and check the id with the id of the element that emits the action to show comment box. If they match simply set the display of the comment box to block.
Are there any simple ways to patch React to autoprefix styles, such that the rendered HTML doesn't differ on the client and server?
For example, is it possible to get
<div style={{display: 'flex'}}/>
to render to (ignoring data-reactid):
<div style="display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;"/>
In the specific case you posted, you may have to make a function in which you pass your style and it creates the correct styles. In cases where a simple prefix will work, you could use something like react-prefixr which just adds ms,Webkit,etc. to the style structure. If display:flex is not handled properly by react-prefixr, you can probably submit it as PR.
I've had the same issue and wanted an easy way to mixin styles. So I created a library that lets you use less/sass style mixins https://seogrady.github.io/style-mixin.
I've just today created a simple prefixing tool, react-prefixer. This handles prefixing possibilities for relevant browsers.
I say relevant because you call out display:-webkit-box syntax, which is basically Safari 5.1, its pretty non-existent these days. Additionally, it only adds the syntax needed, meaning you won't see the full string of styles as you showed ... based on browser support, it will either provide the prefixed version or the spec version, no need to clog up the markup with useless styles.
It's still pretty young (I coded it this morning), but maybe it can help.
suppose user navigated to silverlight page at root/myurl. When user presses f5 I would like the browser to fetch the content of root/, not root/myurl. Is this possible to accomplish?
What I would do is write a flag to your local storage that says, in effect, "'root/myurl' is the last URL I visited." And when when someone reloads "root/myurl", check to see if that flag exists. If it does, renavigate to "root/". It's a little complex, but something of that sort ought to work.
The other approach I usually take in these instances, where I find myself wanting behavior that doesn't match how the browser normally behaves, is to figure out why I'm doing things different from everyone else. Quite often (almost always), there's a better and more natural way to do it, if I'll just take a step back and figure out what I'm really wanting.