You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[](https://@github.com/AegisJSProject/template/commits/master)
[](https://@github.com/AegisJSProject/aegis-modal/commits/master)
[](https://liberapay.com/shgysk8zer0/donate"Donate using Liberapay")
@@ -28,125 +29,101 @@ Template repository for [`@aegisjsproject/component`](https://github.com/AegisJS
## Using [`<script type="importmap">`](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script/type/importmap)
93
79
94
-
All packages **MUST** adhere to strict but fairly easy security guidelines:
80
+
All `@aegisjsproject/*` libraries are available and ready to use without a build
81
+
process such as webpack, but will require a `<script type="importmap">` that includes
82
+
all dependencies:
95
83
96
-
- All commits and tags **MUST** be [PGP/GPG signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
97
-
- All web-based commits **MUST** be signed off by the contributor (a setting in GitHub repo settings)
98
-
- All releases **MUST** use [Package Provenance](https://github.blog/2023-04-19-introducing-npm-package-provenance/)
99
-
- Components **MUST** adhere to a strict [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
100
-
- Components **MUST** comply with the provided [`TrustedTypesPolicy`](https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicy) or add their own, which **SHOULD**:
101
-
- Use `:component-name#html` for writing HTML as a string
102
-
- Use `:component-name#script-url`
103
-
- Components **MUST** be `import`able from a CDN (such as `unpkg.com`) without any build step/bundler
104
-
- Component **SHOULD** provide a `<script type="importmap">` or `importmap.json` as necessary
105
-
- Components **MUST NOT** use inline scripts (`script-src 'unsafe-inline`) or styles (`style-src 'unsafe-inline'`)
106
-
- Components **MUST NOT** use `element.innerHTML` or similar
107
-
- Components **MUST NOT** use `eval()` or `onclick` or anything similar
108
-
- Components using [life cycle callbacks](https://developer.mozilla.org/en-US/docs/Web/API/Web_components/Using_custom_elements#using_the_lifecycle_callbacks)**MUST** have a `[Symbol.for('aegis:render')]` method
Components **MAY** differ from this in requiring additional `script-src` (other
124
-
than `unnsafe-inline`, `unsafe-eval`, and additional `nonce-*` or `sha*` hashes
125
-
(URL only permitted). Components **MAY** add to the `trusted-types`, if necessary,
126
-
such as to add additional [`policy.createScriptURL()`](https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicy/createScript)s
127
-
as essential. Any such policy created for script URLs (namely, `<iframe>`s)
128
-
**SHOULD** be of the form `:component-name#script-url`.
129
-
130
-
Components **SHOULD NOT** utilize methods or setters (such as `innerHTML`) which
131
-
write HTML as strings and would require [`policy.createHTML()`](https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicy/createHTML).
132
-
Components **MAY** use the text alternatives, such as `textContent`. However,
133
-
should the component require such things, the component **MUST** create an
134
-
additional `TrsutedTypePolicy`, which **SHOULD** be named as `:component-name#html`:
135
-
136
-
Components **SHOULD NOT** include any [`policy.createScript()`](https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicy/createScript)
137
-
unless absolutely essential, as this would violate the strict CSP requirement and
138
-
restriction from using `unsafe-*` in `script-src`. However, should your component
139
-
absolutely and justifiably require this, it **SHOULD** use a `TrustedTypes` Policy
140
-
name of the form `:component-name#script`.
141
-
142
-
Any component which requires more than one of `createHTML()`, `createScriptURL()`,
143
-
or `createScript()`**MAY** instead combine the above simple into a single policy,
144
-
which **SHOULD** be named `:component-name`.
145
-
146
-
Components **MUST** explicitly list any necessary changes to their CSP (including)
147
-
`TrustedTypes` in their README.
148
-
149
-
To be listed in the upcoming Aegis component registry, components **MUST NOT**
150
-
implement their own `createHTML()` (`:component-name#html`) or `createScript()`
151
-
(`component-name#script`) methods, but **MAY** implement a `createScriptURL()`
152
-
(`:component-name#script-url`) method.
122
+
## Example
123
+
124
+
```html
125
+
<aegis-modal>
126
+
<h1slot="heading">Lorem Ipsum</h1>
127
+
<p>Error aut mollitia qui alias aut. Temporibus vitae impedit deserunt repellat voluptatibus et. Minima aut et tempore. Ut officiis sed consectetur. Voluptas praesentium ipsam rerum eligendi dolorum. Voluptatem similique omnis quis quidem.</p>
0 commit comments