[Admin] Do not allow HTML tags for the Product Attribute labels on save #27371
Conversation
magento-engcom-team
added
Area: Frontend
Component: Catalog
Component: Eav
Release Line: 2.4
Partner: Atwix
There was a problem hiding this comment.
Hi @vasilii-b, thank you for your contribution, could you please cover the following improvement by an MFTF test and fix the failing Static Tests?
Thank you.
|
Hi @eduard13, |
There was a problem hiding this comment.
Hi @vasilii-b, thank you for the MFTF coverage, please check the bellow comments. Feel free to reach me if any questions arise.
Thank you.
|
|
||
| <actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd"> | ||
| <actionGroup name="SaveProductAttributeWithHtmlTagsInLabelActionGroup"> |
There was a problem hiding this comment.
Could you please split this Action group into 2 separated ones, trying to make Action Groups a much atomic as possible?
AdminSaveProductAttributeActionGroup- so it may be used later in other validation scopesAssertSeeProductAttributeValidationErrorActionGroup- will validate the presence of the error.
Please check the Best Practices.
| <actionGroup ref="AdminOpenProductAttributePageActionGroup" stepKey="openProductAttributePage"/> | ||
| <click selector="{{AdminProductAttributeGridSection.createNewAttributeBtn}}" stepKey="createNewAttribute"/> |
There was a problem hiding this comment.
I suggest replacing these steps by a separate ActionGroup, that will navigate to NewProductAttributePage.
AdminNavigateToNewProductAttributePageActionGroup, using this page URL ProductAttributePage.
| @@ -50,6 +50,11 @@ | |||
| <element name="StorefrontPropertiesSectionToggle" type="button" selector="#front_fieldset-wrapper"/> | |||
| <element name="visibleOnCatalogPagesOnStorefront" type="select" selector="#is_visible_on_front"/> | |||
| </section> | |||
| <section name="ManageLabelsSection"> | |||
| <element name="PageTitle" type="text" selector="//span[text()='Manage Titles (Size, Color, etc.)']" /> | |||
There was a problem hiding this comment.
I think this element is unnecessary as far as we don't use it.
| @@ -50,6 +50,11 @@ | |||
| <element name="StorefrontPropertiesSectionToggle" type="button" selector="#front_fieldset-wrapper"/> | |||
| <element name="visibleOnCatalogPagesOnStorefront" type="select" selector="#is_visible_on_front"/> | |||
| </section> | |||
| <section name="ManageLabelsSection"> | |||
There was a problem hiding this comment.
Could you please create a separate Section file, and include it in ProductAttributePage page?
| </annotations> | ||
| <before> | ||
| <!-- Login as admin --> | ||
| <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/> |
There was a problem hiding this comment.
LoginAsAdmin is deprecated, please use AdminLoginActionGroup instead.
| <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/> | ||
| </after> | ||
|
|
||
| <!-- Go to Stores > Attributes > Product , click "Add New Attribute" --> |
There was a problem hiding this comment.
The comments are unnecessary, as the stepKeys should be self explanatory.
…o admin-area-product-attribute-can-save-with-html-tags-in-labels
|
Thank you very much for the feedback and the suggestions, @eduard13! |
|
@magento give me test instance |
|
Hi @eduard13. Thank you for your request. I'm working on Magento instance for you |
|
Hi @eduard13, here is your new Magento instance. |
…o admin-area-product-attribute-can-save-with-html-tags-in-labels
ghost
moved this from Merge in Progress
to Changes Requested
in Pull Requests Dashboard
ghost
dismissed
eduard13’s stale review
Pull Request state was updated. Re-review required.
…ibute-can-save-with-html-tags-in-labels # Conflicts # app/code/Magento/Catalog/Test/Mftf/Section/AdminCreateProductAttributeSection.xml
ghost
moved this from Changes Requested
to Ready for Testing
in Pull Requests Dashboard
|
Hi @eduard13, thank you for the review. |
|
@magento run Functional Tests CE, Functional Tests EE, Functional Tests B2B |
slavvka
moved this from Ready for Testing
to Testing in Progress
in Pull Requests Dashboard
ghost
added
Progress: testing in progress
and removed
Progress: ready for testing
labels
slavvka
moved this from Testing in Progress
to Merge in Progress
in Pull Requests Dashboard
|
Hi @slavvka, thank you for the review. |
|
Hi @vasilii-b, thank you for your contribution! |
vasilii-b
deleted the
admin-area-product-attribute-can-save-with-html-tags-in-labels
branch
Description (*)
This PR adds changes to prevent the store owner to create product attributes which labels contain HTML tags.
HTML tags can be added to the following fields:
ℹ️ It doesn't make sense to allow HTML tags since those are escaped at the view level.
E.g.
magento2/app/code/Magento/LayeredNavigation/view/frontend/templates/layer/view.phtml
Line 37 in ac3eb00
Desired result
At the moment the store owner tries to save the attribute, the labels validation must happen and error messages shown to the user that HTML tags are not allowed.
Related Pull Requests
N/A
Fixed Issues (if relevant)
N/A
Manual testing scenarios (*)
Without the fix
<span>With the fix
<span>Questions or comments
MFTF tests are on the way
Contribution checklist (*)