[Admin] Do not allow HTML tags for the Product Attribute labels on save #27371

@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->
<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AdminFillProductAttributeDefaultStoreViewActionGroup">
<arguments>
<argument name="value" type="string"/>
</arguments>
<fillField selector="{{AdminProductAttributeManageLabelsSection.DefaultStoreLabel}}" userInput="{{value}}" stepKey="fillDefaultStoreViewLabel"/>
</actionGroup>
</actionGroups>
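Review bot: `AdminFillProductAttributeDefaultStoreViewActionGroup` is the only action group added here without an `<annotations>` block; the five others each carry a `<description>`. Add one before `<arguments>`, for example `<annotations><description>Fills the Default Store View label on the Manage Labels tab of the product attribute form.</description></annotations>`.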
@@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AdminNavigateToNewProductAttributePageActionGroup">
<annotations>
<description>Go to the create new product attribute page</description>
</annotations>

<amOnPage url="{{ProductAttributePage.url}}" stepKey="goToNewProductAttributePage"/>
<waitForPageLoad stepKey="waitForAttributePageLoad"/>
</actionGroup>
</actionGroups>
@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AdminProductAttributePageSwitchTabActionGroup">
<annotations>
<description>Switches the active tab on the Product Attribute New/Edit Page</description>
</annotations>
<arguments>
<argument name="tabName" type="string"/>
</arguments>

<click selector="{{AdminEditProductAttributesSection.tabButton(tabName)}}" stepKey="changeProductAttributeActiveTab"/>
</actionGroup>
</actionGroups>
@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AdminSaveProductAttributeActionGroup">
<annotations>
<description>Clicks on Save button to save the attribute.</description>
</annotations>

<waitForElementVisible selector="{{AttributePropertiesSection.Save}}" stepKey="waitForSaveButton"/>
<click selector="{{AttributePropertiesSection.Save}}" stepKey="clickSaveButton"/>
<waitForPageLoad stepKey="waitForAttributeToSave"/>
</actionGroup>
</actionGroups>
@@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AssertSeeProductAttributeValidationErrorOnManageLabelsTabActionGroup">
<annotations>
<description>Check whenever the validation error is present for the product attribute in the "Manage Labels" Tab</description>
</annotations>

<arguments>
<argument name="message" type="string"/>
</arguments>

<see userInput="{{message}}" selector="{{AdminProductAttributeManageLabelsSection.attributeStoreLabelValidationError}}" stepKey="seeValidationMessage"/>
</actionGroup>
</actionGroups>
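Review bot: The `<description>` reads "Check whenever the validation error is present", where "whether" is meant; as written it suggests a repeated check rather than a single assertion. Suggested text: `<description>Check whether the validation error is present for the product attribute in the "Manage Labels" Tab</description>`. The same wording appears in `AssertSeeProductAttributeValidationErrorOnPropertiesTabActionGroup` and in the `<description value="..."/>` of `AdminProductAttributeLabelDontAllowHtmlTagsTest`.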
@@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
<actionGroup name="AssertSeeProductAttributeValidationErrorOnPropertiesTabActionGroup">
<annotations>
<description>Check whenever the validation error is present for the product attribute in the "Properties" Tab</description>
</annotations>

<arguments>
<argument name="message" type="string"/>
</arguments>

<see userInput="{{message}}" selector="{{AttributePropertiesSection.attributeLabelValidationError}}" stepKey="seeValidationMessage"/>
</actionGroup>
</actionGroups>
@@ -402,6 +402,11 @@
<data key="frontend_label">Size</data>
<data key="attribute_code" unique="suffix">size_attr</data>
</entity>
<entity name="productAttributeWithHtmlTagsInLabel" extends="newProductAttribute" type="ProductAttribute">
<data key="default_label" unique="suffix">Attribute Default label &lt;span&gt;</data>
<data key="default_store_label" unique="suffix">Attribute Store label &lt;span&gt; </data>
<data key="frontend_input">text</data>
</entity>
<!-- Product attribute from file "export_import_configurable_product.csv" -->
<entity name="ProductAttributeWithTwoOptionsForExportImport" extends="productAttributeDropdownTwoOptions" type="ProductAttribute">
<data key="attribute_code">attribute</data>
@@ -9,5 +9,6 @@
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Page/etc/PageObject.xsd">
<page name="ProductAttributePage" url="catalog/product_attribute/new/" area="admin" module="Catalog">
<section name="AdminCreateProductAttributeSection"/>
<section name="AdminProductAttributeManageLabelsSection"/>
</page>
</pages>
@@ -29,5 +29,6 @@
<element name="dropdownNthOptionAdmin" type="textarea" selector="tbody[data-role='options-container'] tr:nth-child({{var}}) td:nth-child(3) input" parameterized="true"/>
<element name="dropdownNthOptionDefaultStoreView" type="textarea" selector="tbody[data-role='options-container'] tr:nth-child({{var}}) td:nth-child(4) input" parameterized="true"/>
<element name="dropdownNthOptionDelete" type="button" selector="tbody[data-role='options-container'] tr:nth-child({{var}}) button[title='Delete']" parameterized="true"/>
<element name="attributeLabelValidationError" type="text" selector=".field-attribute_label .mage-error"/>
</section>
</sections>
@@ -22,5 +22,6 @@
<element name="ProductDataMayBeLostConfirmButton" type="button" selector="//aside[contains(@class,'_show')]//button[.='Change Input Type']"/>
<element name="defaultLabel" type="text" selector="//td[contains(text(), '{{attributeName}}')]/following-sibling::td[contains(@class, 'col-frontend_label')]" parameterized="true"/>
<element name="formByStoreId" type="block" selector="//form[contains(@action,'store/{{store_id}}')]" parameterized="true"/>
<element name="tabButton" type="text" selector="#product_attribute_tabs a[title='{{tabName}}']" parameterized="true"/>
</section>
</sections>
@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<sections xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Page/etc/SectionObject.xsd">
<section name="AdminProductAttributeManageLabelsSection">
<element name="DefaultStoreLabel" type="input" selector="#attribute-labels-table [name='frontend_label[1]']"/>
<element name="attributeStoreLabelValidationError" type="text" selector="#attribute-labels-table .mage-error"/>
</section>
</sections>
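Review bot: `attributeStoreLabelValidationError` matches any `.mage-error` inside `#attribute-labels-table`, so the `seeValidationMessage` assertion on the Manage Labels tab can pass on an error raised for a different store column than the `frontend_label[1]` input the test fills. Scoping the selector to that input would pin the check, for example `selector="#attribute-labels-table [name='frontend_label[1]'] ~ .mage-error"`, assuming the error element is rendered as a following sibling of the input (that markup is not visible on this page). `DefaultStoreLabel` also hard-codes store id `1` in the field name; a `parameterized="true"` element taking the store id would keep working where the default store view has another id.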
@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
<test name="AdminProductAttributeLabelDontAllowHtmlTagsTest">
<annotations>
<features value="Catalog"/>
<stories value="Product Attribute label must not contain HTML tags"/>
<title value="Product Attribute label musts not contain HTML tags"/>
<description value="Test whenever HTML tags are allowed for a product attribute label"/>
<severity value="CRITICAL"/>
<group value="catalog"/>
</annotations>
<before>
<actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
</before>
<after>
<actionGroup ref="AdminLogoutActionGroup" stepKey="logoutAdmin"/>
</after>

<actionGroup ref="AdminNavigateToNewProductAttributePageActionGroup" stepKey="openProductAttributePage"/>

<actionGroup ref="AdminFillProductAttributePropertiesActionGroup" stepKey="fillAttributeDefaultLabel">
<argument name="attributeName" value="{{productAttributeWithHtmlTagsInLabel.default_label}}"/>
<argument name="attributeType" value="{{productAttributeWithHtmlTagsInLabel.frontend_input}}" />
</actionGroup>

<actionGroup ref="AdminProductAttributePageSwitchTabActionGroup" stepKey="makeManageLabelsTabActive">
<argument name="tabName" value="Manage Labels"/>
</actionGroup>

<actionGroup ref="AdminFillProductAttributeDefaultStoreViewActionGroup" stepKey="fillAttributeDefaultStoreViewLabel">
<argument name="value" value="{{productAttributeWithHtmlTagsInLabel.default_store_label}}"/>
</actionGroup>

<actionGroup ref="AdminSaveProductAttributeActionGroup" stepKey="saveAttribute"/>

<actionGroup ref="AssertSeeProductAttributeValidationErrorOnManageLabelsTabActionGroup" stepKey="validateAttributeStoreViewLabelForHtmlTags">
<argument name="message" value="HTML tags are not allowed"/>
</actionGroup>

<actionGroup ref="AdminProductAttributePageSwitchTabActionGroup" stepKey="makePropertiesTabActive">
<argument name="tabName" value="Properties"/>
</actionGroup>

<actionGroup ref="AssertSeeProductAttributeValidationErrorOnPropertiesTabActionGroup" stepKey="validateAttributeLabelForHtmlTags">
<argument name="message" value="HTML tags are not allowed"/>
</actionGroup>
</test>
</tests>
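Review bot: The `<title>` value has a typo, `musts`; it should read `<title value="Product Attribute label must not contain HTML tags"/>` so the report entry matches the `<stories>` line above it. The test also asserts only the two inline messages after `saveAttribute` and never checks that no attribute was created, so a run in which the message is shown but the record is still written would pass.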
@@ -19,21 +19,23 @@
<table class="admin__control-table" id="attribute-labels-table">
<thead>
<tr>
<?php foreach ($block->getStores() as $_store) :?>
<?php foreach ($block->getStores() as $_store): ?>
<th class="col-store-view"><?= $block->escapeHtml($_store->getName()) ?></th>
<?php endforeach; ?>
</tr>
</thead>
<tbody>
<tr>
<?php $_labels = $block->getLabelValues() ?>
<?php foreach ($block->getStores() as $_store) :?>
<?php foreach ($block->getStores() as $_store): ?>
<td class="col-store-view">
<input class="input-text<?php if ($_store->getId() == \Magento\Store\Model\Store::DEFAULT_STORE_ID) :?> required-option<?php endif; ?>"
<?php $isRequired = $_store->getId() == \Magento\Store\Model\Store::DEFAULT_STORE_ID; ?>
<?php $isRequiredClass = $isRequired ? 'required-option' : ''; ?>
<input class="input-text validate-no-html-tags <?= /* @noEscape */ $isRequiredClass ?>"
type="text"
name="frontend_label[<?= $block->escapeHtmlAttr($_store->getId()) ?>]"
value="<?= $block->escapeHtmlAttr($_labels[$_store->getId()]) ?>"
<?php if ($block->getReadOnly()) :?>
<?php if ($block->getReadOnly()): ?>
disabled="disabled"
<?php endif;?>/>
</td>
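Review bot: `validate-no-html-tags` on this input is a class read by the browser-side form validator, so it constrains only submissions that go through this form; a request sent straight to the attribute save endpoint skips it. No server-side check of `frontend_label` is visible in the hunks on this page, and the same holds for the `validate-no-html-tags` rule added to the UI component and the `'class' => 'validate-no-html-tags'` entry in `_prepareForm()`. If no such check exists elsewhere, the save handler should reject or strip markup in the label values as well, and every template that prints a label should keep escaping it on output as this one does with `escapeHtmlAttr`. The `/* @noEscape */` on `$isRequiredClass` is safe only while that variable holds one of the two literals assigned on the line above it.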
@@ -63,6 +63,7 @@
<required>true</required>
<validation>
<rule name="required-entry" xsi:type="boolean">true</rule>
<rule name="validate-no-html-tags" xsi:type="boolean">true</rule>
</validation>
<dataType>string</dataType>
<label translate="true">Attribute Label</label>
@@ -130,7 +130,8 @@ protected function _prepareForm()
'label' => __('Default Label'),
'title' => __('Default label'),
'required' => true,
'value' => is_array($labels) ? $labels[0] : $labels
'value' => is_array($labels) ? $labels[0] : $labels,
'class' => 'validate-no-html-tags',
]
);

@@ -282,7 +283,8 @@ protected function _initFormValues()
* Adding js block to the end of this block
*
* @param string $html
* @return string
*
* @return string
*/
protected function _afterToHtml($html)
{