-
Notifications
You must be signed in to change notification settings - Fork 0
Chore/UI rework #32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chore/UI rework #32
Changes from all commits
351d571
4e72e7a
ebbcbe2
e2991ce
8f797b4
a05a871
5e618ad
c8a6641
38ea59d
0733b2e
23e2b96
9c218b2
44a2d55
f9ab419
707a3c8
c10c344
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| "create-docubase": patch | ||
| --- | ||
|
|
||
| UI Update website |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -37,7 +37,3 @@ const { prev, next } = Astro.props; | |
| <div></div> | ||
| )} | ||
| </nav> | ||
|
|
||
| <script> | ||
| import 'iconify-icon'; | ||
| </script> | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -29,7 +29,3 @@ const currentYear = new Date().getFullYear(); | |
| </div> | ||
| </div> | ||
| </footer> | ||
|
|
||
| <script> | ||
| import 'iconify-icon'; | ||
| </script> | ||
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -22,6 +22,7 @@ const siteTitle = SITE_TITLE; | |||||
| <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> | ||||||
| <link rel="preconnect" href="https://cdn.jsdelivr.net" crossorigin /> | ||||||
| <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" /> | ||||||
| <script src="https://code.iconify.design/iconify-icon/2.1.0/iconify-icon.min.js" defer></script> | ||||||
|
||||||
| <script src="https://code.iconify.design/iconify-icon/2.1.0/iconify-icon.min.js" defer></script> | |
| <script src="https://code.iconify.design/iconify-icon/3.0.2/iconify-icon.min.js" defer></script> |
Copilot
AI
Feb 5, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new global script tag loads iconify-icon.min.js directly from the third‑party domain code.iconify.design at runtime, giving external code full execution privileges on every page. If that CDN or DNS is compromised, an attacker can inject arbitrary JavaScript to steal session data, modify content, or perform actions as the user. To reduce this supply‑chain risk, serve this script from a locally managed asset (via your bundler) or, at minimum, add an integrity‑checked, version‑pinned asset managed through your own deployment pipeline instead of a live CDN URL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The selector change from
.btn :global(p)to.btn :is(p)with<style is:global>changes the specificity and behavior. The:is(p)selector is functionally equivalent to justpand targets anypelement, while the original.btn :global(p)specifically targetedpelements that are descendants of.btn. Consider using.btn pinstead to maintain the original intent of targeting paragraph elements within buttons.