
Prefer kses to blanket esc_html on label #38696

Merged
merged 1 commit into from
Feb 10, 2022

Conversation

getdave
Contributor

@getdave getdave commented Feb 10, 2022

Description

This PR fixes a bug introduced when adding additional escaping to the output of blocks whereby any rich formatting or HTML would be output in its raw form.

This PR refines the approach to use wp_kses_post which sanitizes input with allowed HTML elements for post content. This affords more flexibility whilst still warding off anything nefarious.

Kudos to @randhirexpresstech for catching and reporting this one.

Testing Instructions

  1. Add Query Loop. Select default layout.
  2. Below the post excerpt add two Post Navigation Link blocks, one for "next" and the other for "previous" (they appear as "Next" and "Previous" in the block inserter).
  3. In inspector controls set both blocks to Display the title as a link and also Include the label as part of the link.
  4. Add as much HTML as you can to the label. Use the rich text formatting and custom HTML.
  5. Publish.
  6. Check front of site. No raw HTML should be displayed unless it falls outside the bounds of what wp_kses_post deems acceptable for Post content.

Screenshots

[Screenshot: Screen Shot 2022-02-10 at 10 48 44]

Types of changes

Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • I've tested my changes with keyboard and screen readers.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR (please manually search all *.native.js files for terms that need renaming or removal).
  • I've updated related schemas if appropriate.
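As an added illustration (not code from this PR or from WordPress core), the Python below mimics the distinction the fix relies on: html.escape plays the role of esc_html, which turns every tag into visible text, while the constructed KsesLike class stands in for wp_kses_post with a deliberately tiny allowlist of tags, attributes and URL prefixes. The allowlist, the URL prefixes and the sample label are all assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist: a tiny stand-in for the tags/attributes wp_kses_post permits.
ALLOWED = {"strong": set(), "em": set(), "a": {"href", "title"}}
# Constructed list of accepted href prefixes (deliberately strict: no bare "page.html").
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")


class KsesLike(HTMLParser):
    """Allowlist sanitizer: keeps permitted tags/attributes, drops others, keeps text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # disallowed tag is removed; its text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # e.g. onclick/style are not allowlisted for any tag
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # drop hrefs whose scheme is not on the allowlist
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always entity-encoded


def kses_like(fragment):
    """Stand-in for wp_kses_post: allowlisted markup survives, the rest is stripped."""
    parser = KsesLike()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def esc_html_like(fragment):
    """Stand-in for esc_html: every tag becomes visible text, even <strong>."""
    return escape(fragment, quote=True)


# Constructed label: legitimate rich text plus an inline handler and a script tag.
LABEL = '<strong>Next</strong> post: <a href="/next" onclick="x()">go</a><script>track()</script>'
```

Feeding LABEL to esc_html_like reproduces the regression (the visitor sees the raw tags), while kses_like keeps the bold text and the link but drops the onclick attribute and the script element.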

@getdave getdave added [Type] Code Quality Issues or PRs that relate to code quality [Type] Regression Related to a regression in the latest release [Block] Post Navigation Link Affects the Post Navigation Link Block labels Feb 10, 2022
@getdave getdave self-assigned this Feb 10, 2022
@getdave getdave requested a review from pkevan February 10, 2022 10:50
@getdave getdave merged commit 5b55014 into trunk Feb 10, 2022
@getdave getdave deleted the fix/post-navigation-link-escaping branch February 10, 2022 13:07
@github-actions github-actions bot added this to the Gutenberg 12.7 milestone Feb 10, 2022
Development

Successfully merging this pull request may close these issues.

Formatting/HTML code output issue with Post Excerpt "read more" link and next-previous post link block