Story #15424
closedMake the welcome/login page configurable
100%
Description
This will be uses base URL which can be extended to provide access to a tree of HTML snippets for the Welcome page and which also can be used for theInactive User page, etc.
Updated by Tom Morris over 5 years ago
- Subject changed from Provide a configuration setting for replaceable UI snippets to Make the welcome/login page configurable
- Description updated (diff)
Updated by Tom Morris over 5 years ago
- Related to Feature #13936: [Workbench] Modal after first log in (Steps for registration) added
Updated by Tom Morris about 5 years ago
- Target version changed from 2019-10-09 Sprint to 2019-10-23 Sprint
Updated by Tom Morris about 5 years ago
- Assigned To changed from Tom Morris to Peter Amstutz
Updated by Peter Amstutz about 5 years ago
arvados repo:
15424-wb2-welcome-page @ commit:9d2cf97c13005304f0a9031fd5d88ac89906bb33
wb2 repo:
15424-wb2-welcome-page @ badcb86fb7d0e2ab87c7dcef230072db2e2ae95e
- Add WelcomePageHTML to configuration
- Incorporate contents of WelcomePageHTML into login panel
Updated by Eric Biagiotti about 5 years ago
Peter Amstutz wrote:
arvados repo:
15424-wb2-welcome-page @ commit:9d2cf97c13005304f0a9031fd5d88ac89906bb33
wb2 repo:
15424-wb2-welcome-page @ badcb86fb7d0e2ab87c7dcef230072db2e2ae95e
- Add WelcomePageHTML to configuration
- Incorporate contents of WelcomePageHTML into login panel
- login-panel.tsx has some commented out code.
- Is there potential for an admin to inadvertently add HTML that creates an XSS issue? I am not familiar enough with XSS to know for sure, but I'm seeing recommendations to use https://github.com/cure53/DOMPurify when using dangerouslySetInnerHtml.
Updated by Peter Amstutz about 5 years ago
Eric Biagiotti wrote:
Peter Amstutz wrote:
arvados repo:
15424-wb2-welcome-page @ commit:9d2cf97c13005304f0a9031fd5d88ac89906bb33
wb2 repo:
15424-wb2-welcome-page @ badcb86fb7d0e2ab87c7dcef230072db2e2ae95e
- Add WelcomePageHTML to configuration
- Incorporate contents of WelcomePageHTML into login panel
- login-panel.tsx has some commented out code.
Removed the commented lines.
- Is there potential for an admin to inadvertently add HTML that creates an XSS issue? I am not familiar enough with XSS to know for sure, but I'm seeing recommendations to use https://github.com/cure53/DOMPurify when using dangerouslySetInnerHtml.
XSS would definitely be a problem if arbitrary users were providing HTML that will be injected into the page. In this case, only the admin can specify the HTML, so I don't think there is much to be gained by sanitizing it. If the admin wants to include a script tag in the login page, we should probably let them.
Updated by Eric Biagiotti about 5 years ago
- With the current text, there is one line that makes it below the arvados image, which doesn't look great.
- If you decrease the browser size, eventually the text goes right to the edge. Some padding there would look better.
Updated by Peter Amstutz about 5 years ago
Eric Biagiotti wrote:
- With the current text, there is one line that makes it below the arvados image, which doesn't look great.
- Float the image right instead of left (arvados repo)
15424-wb2-welcome-page @ commit:55ae59fab1e7fe21b51ab8ffb67fcebc2a64f138
- If you decrease the browser size, eventually the text goes right to the edge. Some padding there would look better.
- Add a margin (wb2 repo)
15424-wb2-welcome-page @ 0bdf4669744c1ad68507a158bca8285e672399ab
Updated by Eric Biagiotti about 5 years ago
Peter Amstutz wrote:
Eric Biagiotti wrote:
- With the current text, there is one line that makes it below the arvados image, which doesn't look great.
- Float the image right instead of left (arvados repo)
15424-wb2-welcome-page @ commit:55ae59fab1e7fe21b51ab8ffb67fcebc2a64f138
- If you decrease the browser size, eventually the text goes right to the edge. Some padding there would look better.
- Add a margin (wb2 repo)
15424-wb2-welcome-page @ 0bdf4669744c1ad68507a158bca8285e672399ab
This LGTM, thanks!