JSON formatting issues with the Shopify Github Integration

[eddysims]

Describe the bug

When using the shopify github integration, I am getting back file urls as an escaped string. Then when running prettier, it is removing the \ from the url.

Unformatted source

shopify:\/\/shop_images\/Logo_2bb829935e.webp

Expected output

shopify:\/\/shop_images\/Logo_2bb829935e.webp

Actual output

shopify://shop_images/Logo_2bb829935e.webp

Debugging information

• OS [e.g. Windows, Mac, Linux]
• Version [e.g. 0.1.0]

Additional context

Here is my prettier config:

//.prettierrc.json
{
  "printWidth": 120,
  "singleQuote": true,
  "overrides": [
    {
      "files": "*.liquid",
      "options": {
        "singleQuote": false
      }
    }
  ],
  "plugins": ["@shopify/prettier-plugin-liquid", "prettier-plugin-tailwindcss"]
}

[charlespwd]

Known issue, getting fixed soon 🙏 It's a platform thing. The platform was putting them there to avoid XSS attacks in the case the JSON was dumped in an HTML document.

e.g.

{
  "thing": "</script><script>console.log('hello world');</script>"
}

<html>
  <script type="application/json">
    {
      "thing": "</script><script>console.log('hello world');</script>"
    }
  </script>
</html>

That would actually run the code in the JSON document here. The fix? Backslash all the / in the JSON doc so that the script can't run when dumped in the HTML doc.

{
  "thing": "<\/script><script>console.log('hello world');<\/script>"
}

<html>
problem solved!
  <script type="application/json">
    {
      "thing": "<\/script><script>console.log('hello world');<\/script>"
    }
  </script>
</html>

Thing is, most of our "platform JSON" docs you can't dump directly into your HTML docs, so it's an unnecessary precaution. But we gotta do it carefully.

[charlespwd]

Closing as duplicate

[eddysims]

@charlespwd I see you closed this as duplicate. Do you have a reference to another place I can follow along with this?

[charlespwd]

It's an internal issue. Afraid I can't. This is a platform bug :/ the prettier plugin is working as intended 😅

It is on our roadmap to fix this though. You're definitely not the only one annoyed by that.

[knjshimi]

Hey @charlespwd , so it's completely fine to let prettier format the json file (unescaping forward dashes) when working with local themes, right?

[eddysims]

@charlespwd Thank you for the update

[zrisher]

Wish this wasn't closed. Had the same issue, took a while to find this because it wasn't listed as an open issue.

Even if Shopify has an internal issue to track this, it's helpful to keep it open for the general public to track until it is fixed.

[charlespwd]

Fair!

[NathanRutilyDev]

Hello there, i've still got this issue on HTML tag escaped like this :

What Shopify's waiting :

"results_use_fewer_filters_html": "Use fewer filters or <a class=\"{{ class }}\" href=\"{{ link }}\">remove all<\/a>"

Prettier output :

"results_use_fewer_filters_html": "Use fewer filters or <a class=\"{{ class }}\" href=\"{{ link }}\">remove all</a>"

And the problem is when I do a CLI command like shopify theme dev --theme-editor-sync, it keeps getting .json files with these HTML escape, prettier format it and send it again, and it does an infinite loop .. 😢