Conversation
| {foodRequest.pantry?.pantryName} | ||
| </Text> | ||
| </Text> | ||
| {orderDetails?.status === OrderStatus.DELIVERED ? ( |
There was a problem hiding this comment.
Have you confirmed with Priya that "pending" and "shipped" both display as the same tag?
There was a problem hiding this comment.
I talked to her, this depends on food request status which is PR #100, once that gets merged in I'll change this
| </Text> | ||
| {orderDetails?.trackingLink ? ( | ||
| <Link | ||
| href={orderDetails.trackingLink} |
There was a problem hiding this comment.
Noting for me and @Yurika-Kan that the way things are currently set up, this creates a security vulnerability where (although at least the text of the link is shown so it's more obvious that it's not a normal link), a food manufacturer could provide a tracking link like javascript:alert("you've been hacked!") and then clicking here actually executes that javascript (I tried it and it is funny but also a problem). Justin, not expecting you to fix this here - backend link sanitization may be the way to go - but wanted to make sure everyone was aware
3 participants
ℹ️ Issue
Closes https://vidushimisra.atlassian.net/jira/software/projects/SSF/boards/1?selectedIssue=SSF-143
📝 Description
This simple PR involves changes to make a reusable order details modal component that displays details of an order and the associated request. This modal is used by Admin, Volunteer, Pantry so this component will be used in many places.
The order details modal was updated on this existing page: /admin-order-management
✔️ Verification
I added a new route to get order details given an orderId so I added controller and service tests for that. I also verified the modal aligned with the figma designs.
🏕️ (Optional) Future Work / Notes
N/A