Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 'Fix iframe disabling producing invalid HTML' to v0.26 #10764

Merged
merged 7 commits into from
May 2, 2023
Merged

Backport 'Fix iframe disabling producing invalid HTML' to v0.26 #10764

merged 7 commits into from
May 2, 2023

Conversation

andreslucena
Copy link
Member

🎩 What? Why?

Backport #9685 to v0.26

♥️ Thank you!

@ahukkanen @andreslucena
Fix iframe disabling producing invalid HTML
136cf2d 
* Change the method for iframe disabling

* Fix the meeting embed code with the commented iframe approach

* Different content sanitization for admins and participants

In order to prevent participants entering iframes on the pages.

* Mark admin sanitized content correctly in different cells

* Revert back to the decidim_sanitize_editor method

As the admin methods were changed accordingly.

* Fix the user input scrubber specs

* Add spec for the admin input scrubber

* Fix the spec description

* Add more specs to test the comments with the user input scrubber

* Test that admin input scrubber allows disabled iframes
@andreslucena andreslucena added backport Pull Requests that are a backport for a fixed bug module: core module: meetings type: fix PRs that implement a fix for a bug labels Apr 25, 2023
ahukkanen
ahukkanen requested changes Apr 26, 2023
View reviewed changes
Copy link
Contributor

@ahukkanen ahukkanen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some redesign changes that were applied in this backport that need to be reverted.

The specs probably also need to be changed because all the tests may not be relevant for this 0.26 backport.

decidim-core/app/views/decidim/pages/_standalone.html.erb Outdated Show resolved Hide resolved
decidim-core/app/views/decidim/pages/_tabbed.html.erb Outdated Show resolved Hide resolved
@alecslupu alecslupu added this to Pending review from Product in Maintainers via automation Apr 26, 2023
@ahukkanen
Copy link
Contributor

The last spec is broken because the external domain link warning is broken because this will add the ql-editor class as the parent of the content added to the page and any content within this tag is excluded for the external domain warning as per:

decidim/decidim-core/app/packs/src/decidim/external_domain_warning.js

Lines 12 to 14 in 16be2f4

if (!$link[0].hasAttribute("href") || $link.parents(".ql-editor").length > 0) {
return false;
}

This was changed for develop and 0.27 by #9764 but it was not backported to 0.26.

I just opened the backport for that PR at #10806. This should fix the last broken spec.

@andreslucena
Copy link
Member Author

I just opened the backport for that PR at #10806. This should fix the last broken spec.

Great! I've just reviewed and merged it, and merged this branch with release/0.26-stable. We need to wait for the CI now.

Also, thanks guys for taking care of this PR, I didn't have much time the past week to dedicate to this PR.

@ahukkanen ahukkanen merged commit 9fd74a7 into release/0.26-stable May 2, 2023
Maintainers automation moved this from Pending review from Product to Done May 2, 2023
@ahukkanen ahukkanen deleted the backport/0.26/fix-iframe-disabling-producing-9685 branch May 2, 2023 09:28
This was referenced May 2, 2023
Merged
Merged
@alecslupu alecslupu added this to the 0.26.7 milestone Jul 14, 2023
@alecslupu alecslupu mentioned this pull request Jul 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alecslupu alecslupu alecslupu left review comments

@ahukkanen ahukkanen ahukkanen approved these changes

Assignees
No one assigned
Labels
backport Pull Requests that are a backport for a fixed bug module: core module: meetings type: fix PRs that implement a fix for a bug
Projects
Maintainers
Done
Milestone
0.26.7
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andreslucena @ahukkanen @alecslupu