Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disallow arbitrary functions to be treated as stylesheets #3122

Closed
nolanlawson opened this issue Oct 20, 2022 · 3 comments
Closed

Disallow arbitrary functions to be treated as stylesheets #3122

nolanlawson opened this issue Oct 20, 2022 · 3 comments
Labels
BUG P3

Comments

@nolanlawson
Copy link
Collaborator

Related to #2826, it is possible to render whatever dynamic CSS you want by using this hack:

export default class extends LightningElement {
  render() {
    template.stylesheets = [() => 'h1 { color: red; background: green; }']
    template.stylesheetToken = 'foo'
    return template
  }
}

Demo

Ideally, we should lock down stylesheets to disallow this. We could use the same mechanism we currently use for templates (registerTemplate) and components (registerComponent). E.g. we could have a registerStylesheet to sign the stylesheet functions.

Note that this wouldn't remove any capabilities that aren't already exposed. You can just inject your own stylesheets manually, e.g. by adding <style> tags, modifying adoptedStyleSheets, etc.
@nolanlawson
Copy link
Collaborator Author

We would also have to be careful with the rollout, since this may have backwards compat impliciations.

@git2gus
Copy link

git2gus bot commented Oct 20, 2022

This issue has been linked to a new work item: W-11939723

@nolanlawson nolanlawson mentioned this issue Oct 20, 2022
Merged
@nolanlawson nolanlawson mentioned this issue Nov 10, 2022
Closed
@nolanlawson nolanlawson mentioned this issue Dec 19, 2022
Open
63 tasks
@jye-sf jye-sf mentioned this issue Apr 4, 2023
Merged
@nolanlawson
Copy link
Collaborator Author

Superseded by #3447

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BUG P3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nolanlawson