Merge branch 'develop' into feature/redesign-conferences

* develop: Ignore the problematics HTML validation checks with hidden inputs (#10020) Fix proposal etiquette and length validator with base64 images (#9639)
decidim · Nov 3, 2022 · 1022fbe · 1022fbe
2 parents dd42e04 + 449a6a2
commit 1022fbe
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 5 deletions.
diff --git a/decidim-core/app/validators/etiquette_validator.rb b/decidim-core/app/validators/etiquette_validator.rb
@@ -3,12 +3,16 @@
 # This validator takes care of ensuring the validated content is
 # respectful, doesn't use caps, and overall is meaningful.
 class EtiquetteValidator < ActiveModel::EachValidator
+  include ActionView::Helpers::SanitizeHelper
+
   def validate_each(record, attribute, value)
     return if value.blank?
 
-    validate_caps(record, attribute, value)
-    validate_marks(record, attribute, value)
-    validate_caps_first(record, attribute, value)
+    text_value = strip_tags(value)
+
+    validate_caps(record, attribute, text_value)
+    validate_marks(record, attribute, text_value)
+    validate_caps_first(record, attribute, text_value)
   end
 
   private

diff --git a/decidim-core/spec/validators/etiquette_validator_spec.rb b/decidim-core/spec/validators/etiquette_validator_spec.rb
@@ -81,4 +81,19 @@ def self.model_name
       it { is_expected.to be_valid }
     end
   end
+
+  context "when the text is written in HTML" do
+    let(:body) do
+      data = File.read(Decidim::Dev.asset("avatar.jpg"))
+      encoded = Base64.encode64(data)
+
+      <<~HTML
+        <p>Text before the image.</p>
+        <p><img src="data:image/jpeg;base64,#{encoded.strip}"></p>
+        <p>Some other text after the image.</p>
+      HTML
+    end
+
+    it { is_expected.to be_valid }
+  end
 end
diff --git a/decidim-dev/lib/decidim/dev/test/w3c_rspec_validators_overrides.rb b/decidim-dev/lib/decidim/dev/test/w3c_rspec_validators_overrides.rb
@@ -1,5 +1,41 @@
 # frozen_string_literal: true
 
+# This is a temporary fix to ignore some HTML/CSS validation issues with the
+# Decidim HTML validation process.
+#
+# See: https://github.com/decidim/decidim/pull/10014
+# Related:
+# - https://github.com/rails/rails/issues/46405
+# - https://github.com/foundation/foundation-sites/pull/12496
+module W3CValidators
+  class NuValidator
+    protected
+
+    alias validate_nu validate unless method_defined?(:validate_nu)
+
+    def validate(options) # :nodoc:
+      filter_results(validate_nu(options))
+    end
+
+    def ignore_errors
+      @ignore_errors ||= [
+        "An “input” element with a “type” attribute whose value is “hidden” must not have an “autocomplete” attribute whose value is “on” or “off”.",
+        "An “input” element with a “type” attribute whose value is “hidden” must not have any “aria-*” attributes."
+      ]
+    end
+
+    def filter_results(results)
+      messages = results.instance_variable_get(:@messages)
+      messages.delete_if do |msg|
+        msg.is_error? && ignore_errors.include?(msg.message)
+      end
+      results.instance_variable_set(:@validity, messages.none?(&:is_error?))
+
+      results
+    end
+  end
+end
+
 # This allows us to dynamically load the validator URL from the ENV.
 module W3cRspecValidators
   class Config

diff --git a/decidim-proposals/app/validators/proposal_length_validator.rb b/decidim-proposals/app/validators/proposal_length_validator.rb
@@ -5,11 +5,14 @@
 # allows the minimum and maximum values to be lambdas allowing us to fetch the
 # maximum length dynamically for each proposals component.
 class ProposalLengthValidator < ActiveModel::EachValidator
+  include ActionView::Helpers::SanitizeHelper
+
   def validate_each(record, attribute, value)
     return if value.blank?
 
-    validate_min_length(record, attribute, value)
-    validate_max_length(record, attribute, value)
+    text_value = strip_tags(value)
+    validate_min_length(record, attribute, text_value)
+    validate_max_length(record, attribute, text_value)
   end
 
   private

diff --git a/decidim-proposals/spec/validators/proposal_length_validator_spec.rb b/decidim-proposals/spec/validators/proposal_length_validator_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe ProposalLengthValidator do
+  subject { validatable.new(body:) }
+
+  let(:validatable) do
+    Class.new do
+      def self.model_name
+        ActiveModel::Name.new(self, nil, "Validatable")
+      end
+
+      include Decidim::AttributeObject::Model
+      include ActiveModel::Validations
+
+      attribute :body
+
+      validates :body, proposal_length: {
+        minimum: 15,
+        maximum: ->(_record) { 100 }
+      }
+    end
+  end
+
+  context "when the text is too short" do
+    let(:body) { "Lorem ipsum d" }
+
+    it { is_expected.to be_invalid }
+  end
+
+  context "when the text is too long" do
+    let(:body) { "a" * 101 }
+
+    it { is_expected.to be_invalid }
+  end
+
+  context "when the text is written in HTML" do
+    let(:body) do
+      data = File.read(Decidim::Dev.asset("avatar.jpg"))
+      encoded = Base64.encode64(data)
+
+      <<~HTML
+        <p>Text before the image.</p>
+        <p><img src="data:image/jpeg;base64,#{encoded.strip}"></p>
+        <p>Some other text after the image.</p>
+      HTML
+    end
+
+    it { is_expected.to be_valid }
+  end
+end