Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace lodash template in field formatters #94627

Closed
legrego opened this issue Mar 15, 2021 · 3 comments · Fixed by #96048
Closed

Replace lodash template in field formatters #94627

legrego opened this issue Mar 15, 2021 · 3 comments · Fixed by #96048
Labels
Feature:FieldFormatters Feature:Security/CSP Platform Security - Content Security Policy NeededFor:Security

Comments

@legrego
Copy link
Member

legrego commented Mar 15, 2021
edited
Loading

Both the source and color field formatters rely on the lodash template function in order to generate their markup.

This function requires dynamic code execution, which prevents us from enabling a more restrictive content-security-policy. The field formatters should be updated to use another method of HTML generation, such as ReactDOMServer. renderToStaticMarkup(), which is designed to be used both client-side and server-side (despite its name)
@legrego legrego closed this as completed Mar 15, 2021
@legrego legrego reopened this Mar 15, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-app-services (Team:AppServices)

@legrego legrego changed the title Replace lodash template in source field formatter Replace lodash template in field formatters Mar 15, 2021
@legrego legrego added Feature:Security/CSP Platform Security - Content Security Policy Feature:FieldFormatters labels Mar 15, 2021
@mattkime
Copy link
Contributor

@legrego are there any release goals for the improved CSP?

@legrego
Copy link
Member Author

legrego commented Mar 16, 2021

@mattkime nothing concrete at this point, but it's getting increased interest from the community

@mattkime mattkime mentioned this issue Mar 16, 2021
Closed
28 tasks
@legrego legrego mentioned this issue Apr 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:FieldFormatters Feature:Security/CSP Platform Security - Content Security Policy NeededFor:Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace lodash templates with static react renderer for field formatters legrego/kibana
3 participants
@mattkime @legrego @elasticmachine