Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit decoding attribute to images with src starting with double quote #3586

Closed
wants to merge 8 commits into from
Closed

Limit decoding attribute to images with src starting with double quote #3586

wants to merge 8 commits into from

Conversation

adamsilverstein
Copy link
Member

Trac ticket: https://core.trac.wordpress.org/ticket/56969

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

felixarntz
felixarntz approved these changes Nov 9, 2022
View reviewed changes
Copy link
Member

@felixarntz felixarntz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adamsilverstein Looks solid to me, just two nit-picks here in the test HTML.

tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
peterwilsoncc
peterwilsoncc reviewed Nov 10, 2022
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems Ok as temporary fix but as single quotes are a perfectly legitimate form of HTML, it would be good to follow up with something more elegant.

WordPress itself uses the quote types interchangeably and it seems to be fairly common in plugins too, especially when generating the markup from a set of variables.

wordpress-develop/src/wp-includes/pluggable.php

Line 2890 in 55d2653

"<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>",

tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
mukeshpanchal27
mukeshpanchal27 reviewed Nov 10, 2022
View reviewed changes
Copy link
Member

@mukeshpanchal27 mukeshpanchal27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @adamsilverstein. It looks good to me left some feedback for space and text changes.

https://github.com/WordPress/wordpress-develop/blob/trunk/tests/phpunit/tests/media/wpImageTagAddDecodingAttr.php contains all the unit tests for wp_img_tag_add_decoding_attr() so is it better to move this new unit test there?

src/wp-includes/media.php Outdated Show resolved Hide resolved
tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
tests/phpunit/tests/media.php Outdated Show resolved Hide resolved
desrosj and others added 4 commits November 10, 2022 11:24
@desrosj @felixarntz
Correct <img> tag to be valid HTML .
d71a2f6 
Co-authored-by: Felix Arntz <felixarntz@users.noreply.github.com>
@desrosj @mukeshpanchal27
Typo fix.
52d143c 
Co-authored-by: Mukesh Panchal <mukeshpanchal27@users.noreply.github.com>
@desrosj @mukeshpanchal27
Remove empty line.
65ae472 
Co-authored-by: Mukesh Panchal <mukeshpanchal27@users.noreply.github.com>
@desrosj @mukeshpanchal27
Remove empty lines.
eed359d 
Co-authored-by: Mukesh Panchal <mukeshpanchal27@users.noreply.github.com>
@desrosj
Copy link
Contributor

desrosj commented Nov 10, 2022

Applied some of the more straightforward suggestions. @adamsilverstein would you be able to get this committed at some point today?

@adamsilverstein
Copy link
Member Author

Yes, will do.

adamsilverstein and others added 3 commits November 10, 2022 13:03
@adamsilverstein @felixarntz
Update tests/phpunit/tests/media.php
a64571e 
Co-authored-by: Felix Arntz <felixarntz@users.noreply.github.com>
@adamsilverstein @mukeshpanchal27
Update tests/phpunit/tests/media.php
75aee64 
Co-authored-by: Mukesh Panchal <mukeshpanchal27@users.noreply.github.com>
@adamsilverstein
Merge branch 'trunk' into ticket/56969
db81ad1
@adamsilverstein
Copy link
Member Author

This seems Ok as temporary fix but as single quotes are a perfectly legitimate form of HTML, it would be good to follow up with something more elegant.

WordPress itself uses the quote types interchangeably and it seems to be fairly common in plugins too, especially when generating the markup from a set of variables.

wordpress-develop/src/wp-includes/pluggable.php

Line 2890 in 55d2653

"<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>",

I agree it would be nice to have a more robust solution; this one seems ok for now - especially since the lazy attribute callback already has an identical check.

@adamsilverstein
Copy link
Member Author

Applied some of the more straightforward suggestions. @adamsilverstein would you be able to get this committed at some point today?

@desrosj I'll get this committed and backported first thing tomorrow if you don't beat me to it.

@desrosj desrosj changed the title Limit decoing attribute to images with src starting with double quote Limit decoding attribute to images with src starting with double quote Nov 11, 2022
@peterwilsoncc
Copy link
Contributor

Merged in https://core.trac.wordpress.org/changeset/54802 / 5103242

@adamsilverstein
Copy link
Member Author

thanks @peterwilsoncc!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mukeshpanchal27 mukeshpanchal27 mukeshpanchal27 left review comments

@peterwilsoncc peterwilsoncc peterwilsoncc left review comments

@felixarntz felixarntz felixarntz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@adamsilverstein @desrosj @peterwilsoncc @felixarntz @mukeshpanchal27