feat: add printable checklists for SFC certifications

[madjin]

Summary

• Adds a generator script that creates print-optimized HTML checklists from SFC certification MDX files
• Adds a Print button to certification pages (next to Import/Export) that opens the printable version
• 3-column CSS layout with smart section chunking for optimal print layout

Features

• Print Button: Each SFC cert page now has a Print button linking to /printable/{cert-name}.html
• Print-Optimized HTML: Standalone pages with org/owner/date fields, checkboxes, and notes sections
• Auto-Generated: Runs during build, outputs to docs/public/printable/

Files Changed

• utils/generate-printable-checklists.js - New generator script
• components/cert/CertList.tsx - Print button added
• components/cert/control.css - Print button styling
• package.json - Build script integration
• .gitignore - Ignore generated files

Test plan

• Run pnpm run docs:dev and verify Print button appears on cert pages
• Click Print button and verify printable HTML loads
• Test print/PDF export from browser
• Run pnpm run docs:build and verify files in docs/dist/printable/

🤖 Generated with Claude Code

Preview

[vercel]

@madjin is attempting to deploy a commit to the Security Alliance Team on Vercel.

A member of the Team first needs to authorize it.

[smagdali]

This is cool (and the output looks great), but why deploy as a separate doc and button, rather than a standard print style sheet that is used when someone chooses Print in the browser?

Generally, it's considered not-great-practice to replicate browser furniture.

Does it trigger if I hit cmd-p ?

(maybe it does - I couldn't see from my skim of the code - dismiss at will).

[madjin]

This is cool (and the output looks great), but why deploy as a separate doc and button, rather than a standard print style sheet that is used when someone chooses Print in the browser?

Generally, it's considered not-great-practice to replicate browser furniture.

Does it trigger if I hit cmd-p ?

(maybe it does - I couldn't see from my skim of the code - dismiss at will).

not replicating browser furniture on the main page, moreso providing a link to a purpose-built printable form with fields for Org/Owner/Date, dense layout. Can print via button or cmd/ctrl-p on the new page

[smagdali]

It's a nit, but (more) correct behaviour would be to deploy that style sheet if someone prints the main page. https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Media_queries/Printing
https://wblinks.com/notes/always-include-a-print-stylesheet/

[madjin]

Added print stylesheet so now ctrl/cmd-p on main page produces cleaner output. It's ~4x more pages (single-column web layout) vs the dedicated printable which is optimized as a dense 3-column paper form.

Here's how modified stylesheet looks, 12 pages vs 7 pages (after):

The dense html form is 2 pages. Both options now work ^^

[DicksonWu654]

Hey @madjin super sorry for the delay! The printable version looks amazing! Thank you so much!

But I found 1 bug: if you have frameworks on darkmode, the printable versions are unreadable 😅

I'm gonna suggest some fixes in the pr review

[DicksonWu654]

The fixes to the black background for darkmode print

[DicksonWu654]

lgtm!

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
frameworks	Ready	Preview, Comment	Jan 12, 2026 10:36am

[madjin]

Security Review: PR #320 - Printable Checklists

Overview

Quick security review of the printable checklist generator for potential hardening.

---

Findings

1. Path Sanitization Gap (Medium)

File: utils/generate-printable-checklists.js:370

The sanitizeCertName() function exists and is used for URL generation, but not for the output file path:

const certName = file.replace('.mdx', '');  // unsanitized                                                                     
const outputPath = path.join(OUTPUT_DIR, `${certName}.html`);                                                                  

Fix: Apply existing sanitizer to both uses:

const certName = sanitizeCertName(file.replace('.mdx', ''));                                                                   

2. Input Validation (Low)

Control properties from YAML are escaped but not type-checked. Malformed frontmatter could cause unexpected behavior.

Optional hardening:

if (typeof c.title !== 'string') continue;                                                                                     

---

What's Already Good

• HTML escaping applied to all user content via escapeHtml()
• Input files filtered to sfc-*.mdx pattern
• Output directory gitignored
• Link uses rel="noopener noreferrer"

---

Recommendation

Apply the one-line path sanitization fix. Everything else is defense-in-depth and optional.

[madjin]

Option 2: Consider Separating from Dev Build

Currently generate-printables runs on every docs:dev. Consider:

"docs:dev": "... && vocs dev", // no printables
"docs:build": "... && pnpm run generate-printables && vocs build", // build-only

Why? Reduces attack surface during normal dev - the generator only executes when deploying. Devs can
still run pnpm run generate-printables manually when needed.

Can also make it a CI-only thing + manual command only for even more protection

[madjin]

Implemented the security hardening suggestions:

1. Path sanitization - sanitizeCertName() now applied to output file path, with validation to skip malformed filenames
2. Input validation - Added typeof c.title === 'string' check for YAML control properties
3. Separated from dev - generate-printables removed from docs:dev, runs only on docs:build

Devs can still run pnpm run generate-printables manually when needed during local development.