Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Sitebars endpoint] Add tests for slashing behavior #24785

Merged
merged 6 commits into from Aug 27, 2020

Conversation

adamziel
Copy link
Contributor

@adamziel adamziel commented Aug 25, 2020

Description

This PR adds coverage for the correct usage of wp_slash in update_item method as per #24290 (review).

How has this been tested?

Confirm all checks pass on this PR.

Types of changes

Non-breaking change

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR.

@adamziel adamziel added the [Feature] Widgets Screen The block-based screen that replaced widgets.php. label Aug 25, 2020
@adamziel adamziel self-assigned this Aug 25, 2020
@adamziel adamziel added this to PRs in progress in Block-based Widgets Editor via automation Aug 25, 2020
@github-actions
Copy link

github-actions bot commented Aug 25, 2020

Size Change: 0 B

Total Size: 1.17 MB

ℹ️ View Unchanged
Filename Size Change
build/a11y/index.js 1.14 kB 0 B
build/annotations/index.js 3.67 kB 0 B
build/api-fetch/index.js 3.44 kB 0 B
build/autop/index.js 2.82 kB 0 B
build/blob/index.js 620 B 0 B
build/block-directory/index.js 7.99 kB 0 B
build/block-directory/style-rtl.css 953 B 0 B
build/block-directory/style.css 952 B 0 B
build/block-editor/index.js 126 kB 0 B
build/block-editor/style-rtl.css 10.8 kB 0 B
build/block-editor/style.css 10.8 kB 0 B
build/block-library/editor-rtl.css 8.52 kB 0 B
build/block-library/editor.css 8.52 kB 0 B
build/block-library/index.js 136 kB 0 B
build/block-library/style-rtl.css 7.45 kB 0 B
build/block-library/style.css 7.46 kB 0 B
build/block-library/theme-rtl.css 729 B 0 B
build/block-library/theme.css 730 B 0 B
build/block-serialization-default-parser/index.js 1.88 kB 0 B
build/block-serialization-spec-parser/index.js 3.1 kB 0 B
build/blocks/index.js 47.7 kB 0 B
build/components/index.js 200 kB 0 B
build/components/style-rtl.css 15.7 kB 0 B
build/components/style.css 15.7 kB 0 B
build/compose/index.js 9.67 kB 0 B
build/core-data/index.js 12.3 kB 0 B
build/data-controls/index.js 1.29 kB 0 B
build/data/index.js 8.55 kB 0 B
build/date/index.js 5.38 kB 0 B
build/deprecated/index.js 772 B 0 B
build/dom-ready/index.js 568 B 0 B
build/dom/index.js 4.48 kB 0 B
build/edit-navigation/index.js 11.7 kB 0 B
build/edit-navigation/style-rtl.css 1.16 kB 0 B
build/edit-navigation/style.css 1.16 kB 0 B
build/edit-post/index.js 304 kB 0 B
build/edit-post/style-rtl.css 5.61 kB 0 B
build/edit-post/style.css 5.61 kB 0 B
build/edit-site/index.js 17 kB 0 B
build/edit-site/style-rtl.css 3.06 kB 0 B
build/edit-site/style.css 3.06 kB 0 B
build/edit-widgets/index.js 11.9 kB 0 B
build/edit-widgets/style-rtl.css 2.45 kB 0 B
build/edit-widgets/style.css 2.45 kB 0 B
build/editor/editor-styles-rtl.css 537 B 0 B
build/editor/editor-styles.css 539 B 0 B
build/editor/index.js 45.3 kB 0 B
build/editor/style-rtl.css 3.8 kB 0 B
build/editor/style.css 3.79 kB 0 B
build/element/index.js 4.65 kB 0 B
build/escape-html/index.js 733 B 0 B
build/format-library/index.js 7.71 kB 0 B
build/format-library/style-rtl.css 547 B 0 B
build/format-library/style.css 548 B 0 B
build/hooks/index.js 2.13 kB 0 B
build/html-entities/index.js 621 B 0 B
build/i18n/index.js 3.56 kB 0 B
build/is-shallow-equal/index.js 710 B 0 B
build/keyboard-shortcuts/index.js 2.52 kB 0 B
build/keycodes/index.js 1.94 kB 0 B
build/list-reusable-blocks/index.js 3.12 kB 0 B
build/list-reusable-blocks/style-rtl.css 476 B 0 B
build/list-reusable-blocks/style.css 476 B 0 B
build/media-utils/index.js 5.32 kB 0 B
build/notices/index.js 1.79 kB 0 B
build/nux/index.js 3.4 kB 0 B
build/nux/style-rtl.css 671 B 0 B
build/nux/style.css 668 B 0 B
build/plugins/index.js 2.56 kB 0 B
build/primitives/index.js 1.41 kB 0 B
build/priority-queue/index.js 789 B 0 B
build/redux-routine/index.js 2.85 kB 0 B
build/rich-text/index.js 13.9 kB 0 B
build/server-side-render/index.js 2.77 kB 0 B
build/shortcode/index.js 1.7 kB 0 B
build/token-list/index.js 1.27 kB 0 B
build/url/index.js 4.06 kB 0 B
build/viewport/index.js 1.85 kB 0 B
build/warning/index.js 1.14 kB 0 B
build/wordcount/index.js 1.17 kB 0 B

compressed-size-action

@draganescu
Copy link
Contributor

@adamziel the new test seems to fail.

@@ -378,6 +378,60 @@ public function test_update_item() {
);
}

/**
*
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please write something here.

@adamziel adamziel force-pushed the update/test-slashing-behavior branch 3 times, most recently from 1abeb61 to 6f73eda Compare August 26, 2020 12:34
@adamziel
Copy link
Contributor Author

The test fails because of ">" character in the input. It should most definitely be addressed, but is not trivial and it also seems out of scope for this PR. I removed this case from here and added another task to the list.

@adamziel
Copy link
Contributor Author

Would you mind re-reviewing @draganescu?

@TimothyBJacobs
Copy link
Member

The test fails because of ">" character in the input. It should most definitely be addressed, but is not trivial and it also seems out of scope for this PR. I removed this case from here and added another task to the list.

Which issue # is that?

@adamziel
Copy link
Contributor Author

adamziel commented Aug 26, 2020

@TimothyBJacobs I was lazy and added it to the list in this issue to address later this week :) #24530 :

Protect from XSS by testing e.g. the text widget for input like 'text' => '<script>alert(1)</script>'.

@TimothyBJacobs
Copy link
Member

TimothyBJacobs commented Aug 26, 2020

Got it!

@adamziel adamziel force-pushed the update/test-slashing-behavior branch from 6f73eda to c11eabd Compare August 27, 2020 08:04
@adamziel adamziel merged commit 25f9e09 into master Aug 27, 2020
Block-based Widgets Editor automation moved this from PRs in progress to Done Aug 27, 2020
@adamziel adamziel deleted the update/test-slashing-behavior branch August 27, 2020 08:30
@github-actions github-actions bot added this to the Gutenberg 8.9 milestone Aug 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[Feature] Widgets Screen The block-based screen that replaced widgets.php.
Projects
No open projects
Development

Successfully merging this pull request may close these issues.

None yet

4 participants