diff options
| author | Patrick H. Lauke <[email protected]> | 2020-06-19 09:31:37 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2020-06-19 11:31:37 +0300 |
| commit | edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd (patch) | |
| tree | a1e408cd3c48309c49fc06d7dbb52d96ae02fae0 /site/content/docs/5.0/components | |
| parent | 7acf586d3efa9b2bad6a93d81c7cdc3560de6cdf (diff) | |
| download | bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.tar.xz bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.zip | |
Change whitelist to allowlist (#31066)
Co-authored-by: XhmikosR <[email protected]>
Co-authored-by: Mark Otto <[email protected]>
Diffstat (limited to 'site/content/docs/5.0/components')
| -rw-r--r-- | site/content/docs/5.0/components/popovers.md | 6 | ||||
| -rw-r--r-- | site/content/docs/5.0/components/tooltips.md | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/site/content/docs/5.0/components/popovers.md b/site/content/docs/5.0/components/popovers.md index 4e42ee072..73be8ad10 100644 --- a/site/content/docs/5.0/components/popovers.md +++ b/site/content/docs/5.0/components/popovers.md @@ -142,7 +142,7 @@ To allow keyboard users to activate your popovers, you should only add them to H While you can insert rich, structured HTML in popovers with the `html` option, we strongly recommend that you avoid adding an excessive amount of content. The way popovers currently work is that, once displayed, their content is tied to the trigger element with the `aria-describedby` attribute. As a result, the entirety of the popover's content will be announced to assistive technology users as one long, uninterrupted stream. -Additionally, while it is possible to also include interactive controls (such as form elements or links) in your popover (by adding these elements to the `whiteList` or allowed attributes and tags), be aware that currently the popover does not manage keyboard focus order. When a keyboard user opens a popover, focus remains on the triggering element, and as the popover usually does not immediately follow the trigger in the document's structure, there is no guarantee that moving forward/pressing <kbd>TAB</kbd> will move a keyboard user into the popover itself. In short, simply adding interactive controls to a popover is likely to make these controls unreachable/unusable for keyboard users and users of assistive technologies, or at the very least make for an illogical overall focus order. In these cases, consider using a modal dialog instead. +Additionally, while it is possible to also include interactive controls (such as form elements or links) in your popover (by adding these elements to the `allowList` of allowed attributes and tags), be aware that currently the popover does not manage keyboard focus order. When a keyboard user opens a popover, focus remains on the triggering element, and as the popover usually does not immediately follow the trigger in the document's structure, there is no guarantee that moving forward/pressing <kbd>TAB</kbd> will move a keyboard user into the popover itself. In short, simply adding interactive controls to a popover is likely to make these controls unreachable/unusable for keyboard users and users of assistive technologies, or at the very least make for an illogical overall focus order. In these cases, consider using a modal dialog instead. {{< /callout >}} ### Options @@ -150,7 +150,7 @@ Additionally, while it is possible to also include interactive controls (such as Options can be passed via data attributes or JavaScript. For data attributes, append the option name to `data-`, as in `data-animation=""`. {{< callout warning >}} -Note that for security reasons the `sanitize`, `sanitizeFn` and `whiteList` options cannot be supplied using data attributes. +Note that for security reasons the `sanitize`, `sanitizeFn`, and `allowList` options cannot be supplied using data attributes. {{< /callout >}} <table class="table"> @@ -270,7 +270,7 @@ Note that for security reasons the `sanitize`, `sanitizeFn` and `whiteList` opti <td>Enable or disable the sanitization. If activated <code>'template'</code>, <code>'content'</code> and <code>'title'</code> options will be sanitized.</td> </tr> <tr> - <td>whiteList</td> + <td>allowList</td> <td>object</td> <td><a href="{{< docsref "/getting-started/javascript#sanitizer" >}}">Default value</a></td> <td>Object which contains allowed attributes and tags</td> diff --git a/site/content/docs/5.0/components/tooltips.md b/site/content/docs/5.0/components/tooltips.md index 19d95e028..385ec99f0 100644 --- a/site/content/docs/5.0/components/tooltips.md +++ b/site/content/docs/5.0/components/tooltips.md @@ -156,7 +156,7 @@ Elements with the `disabled` attribute aren't interactive, meaning users cannot Options can be passed via data attributes or JavaScript. For data attributes, append the option name to `data-`, as in `data-animation=""`. {{< callout warning >}} -Note that for security reasons the `sanitize`, `sanitizeFn` and `whiteList` options cannot be supplied using data attributes. +Note that for security reasons the `sanitize`, `sanitizeFn`, and `allowList` options cannot be supplied using data attributes. {{< /callout >}} <table class="table"> @@ -278,7 +278,7 @@ Note that for security reasons the `sanitize`, `sanitizeFn` and `whiteList` opti <td>Enable or disable the sanitization. If activated <code>'template'</code> and <code>'title'</code> options will be sanitized.</td> </tr> <tr> - <td>whiteList</td> + <td>allowList</td> <td>object</td> <td><a href="{{< docsref "/getting-started/javascript#sanitizer" >}}">Default value</a></td> <td>Object which contains allowed attributes and tags</td> |
