Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Late escape comment blocks #37860

Merged
merged 16 commits into from
Jan 13, 2022
Merged

Late escape comment blocks #37860

merged 16 commits into from
Jan 13, 2022

Conversation

getdave
Copy link
Contributor

@getdave getdave commented Jan 11, 2022

Description

This is not a security problem.

This PR simply moves escaping of all PHP output to be as "late" as possible. This means we avoid escaping variables until they are output in the HTML markup.

This is a WP Core best practice.

How has this been tested?

Check all comments blocks work "as was".

Check all tests continue to pass.

Screenshots

Types of changes

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • I've tested my changes with keyboard and screen readers.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR (please manually search all *.native.js files for terms that need renaming or removal).
  • I've updated related schemas if appropriate.

@getdave getdave added [Type] Code Quality Issues or PRs that relate to code quality [Block] Post Comments Count Affects the Post Comments Count Block [Block] Comments Affects the Comments Block - formerly known as Comments Query Loop [Type] Security Related to security concerns or efforts [Block] Comment Template Affects the Comment Template Block [Block] Comments (legacy) The legacy mode of the Comments block (formerly known as Post Comments) labels Jan 11, 2022
@getdave getdave requested a review from ajitbohra as a code owner January 11, 2022 10:44
@getdave getdave self-assigned this Jan 11, 2022
@getdave getdave removed [Block] Post Comments Count Affects the Post Comments Count Block [Block] Comments Affects the Comments Block - formerly known as Comments Query Loop [Block] Comments (legacy) The legacy mode of the Comments block (formerly known as Post Comments) labels Jan 11, 2022
@getdave
Copy link
Contributor Author

getdave commented Jan 11, 2022

Looks like escaping has caused tests to fail. Perhaps I"m being over zealous here?

@getdave getdave changed the title Update comment blocks to use late escaping Late escape comment blocks Jan 11, 2022
cbravobernal
cbravobernal previously approved these changes Jan 12, 2022
View reviewed changes
Copy link
Contributor

@cbravobernal cbravobernal left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edit: after the last review done by @swissspidy , it seems that it is not ready for approval 🙇🏻‍♂️

@cbravobernal cbravobernal self-requested a review January 12, 2022 12:49
@getdave getdave dismissed cbravobernal’s stale review January 12, 2022 15:50

There are still changes required here.

@getdave
Copy link
Contributor Author

getdave commented Jan 12, 2022

@c4rl0sbr4v0 I've dismissed your review in order that this doens't get merged when it's not yet finished. Much appreciated.

@getdave
Copy link
Contributor Author

getdave commented Jan 13, 2022

@swissspidy They changeset is now pretty limited. Let me know what you think.

@getdave getdave requested a review from swissspidy January 13, 2022 06:26
@getdave
Copy link
Contributor Author

getdave commented Jan 13, 2022

Thank your time and patience @swissspidy and @aristath.

@getdave getdave merged commit 0dfecd2 into trunk Jan 13, 2022
@getdave getdave deleted the update/comment-blocks-late-escaping branch January 13, 2022 14:06
@github-actions github-actions bot added this to the Gutenberg 12.5 milestone Jan 13, 2022
@getdave getdave mentioned this pull request Feb 7, 2022
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swissspidy swissspidy swissspidy approved these changes

@aristath aristath aristath approved these changes

@ehti ehti Awaiting requested review from ehti

@hellofromtonya hellofromtonya Awaiting requested review from hellofromtonya

@ajitbohra ajitbohra Awaiting requested review from ajitbohra ajitbohra is a code owner

@michalczaplinski michalczaplinski Awaiting requested review from michalczaplinski

@DAreRodz DAreRodz Awaiting requested review from DAreRodz

@cbravobernal cbravobernal Awaiting requested review from cbravobernal

Assignees

@getdave getdave

Labels
[Block] Comment Template Affects the Comment Template Block [Type] Code Quality Issues or PRs that relate to code quality [Type] Security Related to security concerns or efforts
Projects
None yet
Milestone
Gutenberg 12.5
Development

Successfully merging this pull request may close these issues.
4 participants
@getdave @aristath @swissspidy @cbravobernal