Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests: Run block fixtures through KSES. #35611

Merged
merged 4 commits into from Nov 2, 2021
Merged

Tests: Run block fixtures through KSES. #35611

merged 4 commits into from Nov 2, 2021

Conversation

pento
Copy link
Member

@pento pento commented Oct 14, 2021
edited

Description

#34738 noted that the PDF embed feature produces HTML that KSES strips for non-admin users.

In order to help avoid this in the future, we should run block fixtures through KSES, to ensure they produce HTML that won't be stripped when a post is saved.

Note: This PR requires WP54261 in order to pass.

How has this been tested?

This change only affects PHP unit tests, and modifies some of the fixtures that inadvertently have data stripped, due to using HTML that KSES doesn't allow.

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • I've tested my changes with keyboard and screen readers.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR (please manually search all *.native.js files for terms that need renaming or removal).

@pento pento self-assigned this Oct 14, 2021
@pento pento force-pushed the add/kses-fixture-tests branch from d38b8a4 to 1bce329 Compare Oct 14, 2021
@pento pento marked this pull request as ready for review Oct 14, 2021
@pento pento requested a review from Oct 14, 2021
@pento pento mentioned this pull request Oct 14, 2021
Closed
@gziolo
Copy link
Member

@gziolo gziolo commented Oct 18, 2021
edited

Is KSES removing all images encoded as data? Do we ever inline images in the block editor? Is that a concern?

Other than that, it looks like a nice addition to the verification process 👍

@pento
Copy link
Member Author

@pento pento commented Oct 18, 2021

Is KSES removing all images encoded as data? Do we ever inline images in the block editor? Is that a concern?

The data: "protocol" has never been allowed in Core, KSES strips it off. I'm fine with assuming that this is just how some of the tests were set up originally, then the rest are a product of copy/pasta. I also had a quick search through the block editor source, I didn't find any concerning references to data:.

If the block editor was storing inline images, we probably would've heard about it by now. (I'm looking forward to this comment coming back to bite me in the future. 😛)

@gziolo
Copy link
Member

@gziolo gziolo commented Oct 18, 2021

If the block editor was storing inline images, we probably would've heard about it by now. (I'm looking forward to this comment coming back to bite me in the future. 😛)

I know that the block editor uses data: to show images when uploading/processing them, then replaces that with the final URL. I guess it’s fine to use URL with tests, but it still would be good to clarify why data version infected all those fixtures 😅

@pento
Copy link
Member Author

@pento pento commented Oct 20, 2021

I know that the block editor uses data: to show images when uploading/processing them, then replaces that with the final URL. I guess it’s fine to use URL with tests, but it still would be good to clarify why data version infected all those fixtures 😅

Ugh, we probably need to figure out a different way to do it, the data: URLs were added on purpose in #14625.

@gziolo
Copy link
Member

@gziolo gziolo commented Oct 21, 2021

Ugh, we probably need to figure out a different way to do it, the data: URLs were added on purpose in #14625.

Those fixtures are no longer used with e2e tests so it might be no longer a limitation. The other option could be to run another rule in test_kses_doesnt_change_fixtures that replaces data: with some fake URLs.

@pento pento force-pushed the add/kses-fixture-tests branch from 1bce329 to 27f4078 Compare Nov 1, 2021
pento added 2 commits Nov 1, 2021
@pento
Revert "Update all of the fixtures that use data: protocols."
fe0117e 
This reverts commit 27f4078.
@pento
Modify the data: URLs before processing them.
89c7531 
Modify the data: URLs before processing them, instead of changing all the fixtures.
@pento pento force-pushed the add/kses-fixture-tests branch from fccadd3 to 89c7531 Compare Nov 1, 2021
@pento
Copy link
Member Author

@pento pento commented Nov 1, 2021

@gziolo: Good idea on doing the replace in test_kses_doesnt_change_fixtures(), makes for much less churn. 🙂

Since WP54261 has landed, the tests all pass correctly now.

gziolo
gziolo approved these changes Nov 1, 2021
View changes
@gziolo
Copy link
Member

@gziolo gziolo commented Nov 1, 2021

Great, let's move forward with this PR. We could add a similar test case in WordPress core, but we don't have the same test fixtures there. Maybe, it's enough to have full coverage in the plugin since we sync the code from here anyway.

@pento
Copy link
Member Author

@pento pento commented Nov 2, 2021

We could add a similar test case in WordPress core, but we don't have the same test fixtures there. Maybe, it's enough to have full coverage in the plugin since we sync the code from here anyway.

I think coverage in the plugin is fine, as long as there's a process to ensure that simple changes to KSES that can be done in the plugin (eg, adding a new tag or attribute through the wp_kses_allowed_html filter) make their way to Core.

@pento pento merged commit 0fa370b into trunk Nov 2, 2021
20 checks passed
@pento pento deleted the add/kses-fixture-tests branch Nov 2, 2021
@github-actions github-actions bot added this to the Gutenberg 11.9 milestone Nov 2, 2021
carolinan added a commit that referenced this issue Nov 4, 2021
@pento @carolinan
Tests: Run block fixtures through KSES. (#35611)
e45f00a
@pento pento mentioned this pull request Nov 5, 2021
Draft
@andrewserong andrewserong mentioned this pull request Nov 9, 2021
Merged
@gziolo gziolo mentioned this pull request Mar 1, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gziolo gziolo

Assignees

@pento pento

Labels
Automated Testing [Type] Code Quality
Projects
None yet
Milestone
Gutenberg 11.9
Linked issues

Successfully merging this pull request may close these issues.

None yet
2 participants
@pento @gziolo