Replace inline scripts in links to prevent default

Use buttons instead of links with javascript:void(0)

Replace inline scripts in links to prevent default
Use buttons instead of links with javascript:void(0)
5088e316 · Heinrich Lee Yu · 0a33c2fb · 5088e316 · 5088e316 · 5088e316
Commit 5088e316 authored Aug 15, 2019 by Heinrich Lee Yu
6 changed files
--- a/app/assets/javascripts/members.js
+++ b/app/assets/javascripts/members.js
@@ -17,6 +17,8 @@ export default class Members {
  }

  dropdownClicked(options) {
+    options.e.preventDefault();
+
    this.formSubmit(null, options.$el);
  }


--- a/app/views/projects/commit/_ajax_signature.html.haml
+++ b/app/views/projects/commit/_ajax_signature.html.haml
 - if commit.has_signature?
-  %a{ href: 'javascript:void(0)', tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }
+  %button{ tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }
--- a/app/views/projects/commit/_signature_badge.html.haml
+++ b/app/views/projects/commit/_signature_badge.html.haml
@@ -24,5 +24,5 @@

  = link_to(_('Learn more about signing commits'), help_page_path('user/project/repository/gpg_signed_commits/index.md'), class: 'gpg-popover-help-link')

-%a{ href: 'javascript:void(0)', tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
+%button{ tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
  = label
--- a/app/views/shared/members/_group.html.haml
+++ b/app/views/shared/members/_group.html.haml
@@ -32,7 +32,7 @@
            %ul
              - Gitlab::Access.options.each do |role, role_id|
                %li
-                  = link_to role, "javascript:void(0)",
+                  = link_to role, '#',
                    class: ("is-active" if group_link.group_access == role_id),
                    data: { id: role_id, el_id: dom_id }
      .clearable-input.member-form-control.d-sm-inline-block

--- a/app/views/shared/members/_member.html.haml
+++ b/app/views/shared/members/_member.html.haml
@@ -82,7 +82,7 @@
                  %ul
                    - member.valid_level_roles.each do |role, role_id|
                      %li
-                        = link_to role, "javascript:void(0)",
+                        = link_to role, '#',
                          class: ("is-active" if member.access_level == role_id),
                          data: { id: role_id, el_id: dom_id(member) }
                    = render_if_exists 'shared/members/ee/revert_ldap_group_sync_option',

--- a/spec/features/signed_commits_spec.rb
+++ b/spec/features/signed_commits_spec.rb
@@ -15,8 +15,8 @@ describe 'GPG signed commits' do

    visit project_commit_path(project, ref)

-    expect(page).to have_link 'Unverified'
-    expect(page).not_to have_link 'Verified'
+    expect(page).to have_button 'Unverified'
+    expect(page).not_to have_button 'Verified'

    # user changes his email which makes the gpg key verified
    perform_enqueued_jobs do
@@ -26,8 +26,8 @@ describe 'GPG signed commits' do

    visit project_commit_path(project, ref)

-    expect(page).not_to have_link 'Unverified'
-    expect(page).to have_link 'Verified'
+    expect(page).not_to have_button 'Unverified'
+    expect(page).to have_button 'Verified'
  end

  it 'changes from unverified to verified when the user adds the missing gpg key' do
@@ -36,8 +36,8 @@ describe 'GPG signed commits' do

    visit project_commit_path(project, ref)

-    expect(page).to have_link 'Unverified'
-    expect(page).not_to have_link 'Verified'
+    expect(page).to have_button 'Unverified'
+    expect(page).not_to have_button 'Verified'

    # user adds the gpg key which makes the signature valid
    perform_enqueued_jobs do
@@ -46,8 +46,8 @@ describe 'GPG signed commits' do

    visit project_commit_path(project, ref)

-    expect(page).not_to have_link 'Unverified'
-    expect(page).to have_link 'Verified'
+    expect(page).not_to have_button 'Unverified'
+    expect(page).to have_button 'Verified'
  end

  context 'shows popover badges', :js do
@@ -136,7 +136,7 @@ describe 'GPG signed commits' do
      visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)

      # wait for the signature to get generated
-      expect(page).to have_link 'Verified'
+      expect(page).to have_button 'Verified'

      user_1.destroy!