Patterns: Decode potentially-malformed ampersands in block content #533
Conversation
ryelle
added
the
[Component] Pattern Directory
|
This is working as expected. 👍 I'm not sure what's the best way to test but sometimes |
I think that's fine because they'll be decoded, the issue is the double-encoding of |
| @@ -298,7 +298,7 @@ function register_rest_fields() { | |||
| 'pattern_content', | |||
| array( | |||
| 'get_callback' => function() { | |||
| return wp_kses_post( get_the_content() ); | |||
| return decode_pattern_content( get_the_content() ); | |||
There was a problem hiding this comment.
Do you think it's safe not to sanitize through wp_kses_post here? Check my comment: WordPress/gutenberg#47636 (comment)
The issue here is a result of GB sanitizing the pattern content through
wp_kses_post. The flow there is:
wp_kses_normalize_entitiesreplaces&to&wp_pre_kses_block_attributesreplaces&to\u0026that results in\u0026amp;in the final output.
The above though is for security reasons and normally is not an issue for block attributes that are not URLs. In the
Cover
block case though it is a problem, as it results to a malformed URL.
Fixes #488 — As described there, sometimes images are saved with the ampersands multiply-encoded, resulting in strings like
…img.jpg?w=1200\u0026amp;h=1200\u0026amp;fit=clip. When used in the editor, the first encoding is decoded, but then…img.jpg?w=1200&h=1200&fit=clipis not decoded, and causes a 403 error from rawpixel.Additionally, sometimes the slash is stripped, leading to these URLs
…img.jpg?w=1200u0026amp;h=1200u0026amp;fit=clip, which cause a block validation error.This PR does a very simple string-replacement for these two cases, only on output. Looking for review to make sure this doesn't have any unexpected side effects.
I also removed
get_all_the_content, it isn't used in this project after all.How to test the changes in this Pull Request:
Copy patterns using both copy buttons — the one on the single pattern page and in the grid view.