Add validation of individual properties in meta content attributes #4070
Comments
This would be one more case where the move to error objects instead of error strings & arrays would make sense. Error objects could have an arbitrary number of additional properties and associated logic.
Agreed. However, we can implement this using primitives in the immediate term, and then we can let the requirements help inform the refactor for the next version.
A good theme to test with this is brovy. The meta viewport added by the theme is: <meta name="viewport" content="width=device-width, initial-scale=1, user-scalabe=no"> So the invalid properties are causing the
Feature description
Split out from #3758 via the conversation with @schlessera in #3758 (comment):
This is in relation to this code:
amp-wp/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
Lines 1155 to 1159 in a7e0497
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
meta[viewport] should not result in the entire attribute being removed, if there are other valid properties.
meta[content] attribute.
Implementation brief
Instead of raising one single DISALLOWED_PROPERTY_IN_ATTR_VALUE for the entire meta[content] attribute and then causing the entire content attribute to be removed, we instead need to:
DISALLOWED_PROPERTY_IN_ATTR_VALUE validation error for each individual property in the content attribute.
content attribute if the validation error if \AMP_Base_Sanitizer::should_sanitize_validation_error() returns true.
What this means is that the \AMP_Tag_And_Attribute_Sanitizer::sanitize_disallowed_attribute_values_in_node() method will need to be augmented to not simply return a list of [ $attr_node, $error_code ] tuples. In the case of invalid properties, it will also need to return [ $attr_node, self::DISALLOWED_PROPERTY_IN_ATTR_VALUE, $property_name, $property_value ].
This resulting list of $disallowed_attributes will then need to be iterated over in the foreach ( $disallowed_attributes as $disallowed_attribute ) {…} here:
amp-wp/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
Lines 667 to 695 in a7e0497
Where instead of calling the \AMP_Base_Sanitizer::remove_invalid_attribute(), there would need to be a direct call to AMP_Base_Sanitizer::should_sanitize_validation_error() and if it returns true, update the value of the attribute to omit that invalid property.
QA testing instructions
Demo
Changelog entry
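The per-property handling described in the implementation brief, sketched as an added example that is not part of the issue or of the amp-wp code base. The function name, the allow-list, the comma-only splitting, the error array shape and the $should_sanitize callback (standing in for should_sanitize_validation_error()) are assumptions made for illustration; the input is the viewport value quoted in the comment above.

```php
<?php
// Added illustration only; not code from the amp-wp plugin.
// Assumed allow-list of viewport property names for this example.
const EXAMPLE_ALLOWED_VIEWPORT_PROPERTIES = [
    'width', 'height', 'initial-scale', 'minimum-scale',
    'maximum-scale', 'shrink-to-fit', 'user-scalable', 'viewport-fit',
];

/**
 * Validate each property of a meta content value on its own.
 *
 * @param string   $content         Raw content attribute value.
 * @param string[] $allowed         Allowed property names, lowercase.
 * @param callable $should_sanitize Hypothetical stand-in for the sanitizer's
 *                                  decision; gets one error array, returns bool.
 * @return array [ new attribute value, list of errors raised ].
 */
function example_sanitize_meta_content( string $content, array $allowed, callable $should_sanitize ): array {
    $kept   = [];
    $errors = [];
    foreach ( explode( ',', $content ) as $pair ) {
        $pair = trim( $pair );
        if ( '' === $pair ) {
            continue; // Tolerate trailing or doubled commas.
        }
        $parts = explode( '=', $pair, 2 );
        $name  = strtolower( trim( $parts[0] ) );
        $value = isset( $parts[1] ) ? trim( $parts[1] ) : '';
        if ( in_array( $name, $allowed, true ) ) {
            $kept[] = $pair;
            continue;
        }
        // One error per offending property, carrying its name and value.
        // The code string is a placeholder named after the constant in the issue.
        $error    = [ 'code' => 'DISALLOWED_PROPERTY_IN_ATTR_VALUE', 'name' => $name, 'value' => $value ];
        $errors[] = $error;
        if ( ! $should_sanitize( $error ) ) {
            $kept[] = $pair; // Sanitization declined: the property stays.
        }
    }
    return [ implode( ', ', $kept ), $errors ];
}

// Constructed run: accept every sanitization, as a site with auto-sanitize would.
[ $value, $errors ] = example_sanitize_meta_content(
    'width=device-width, initial-scale=1, user-scalabe=no',
    EXAMPLE_ALLOWED_VIEWPORT_PROPERTIES,
    static function ( array $error ): bool { return true; }
);
echo $value, PHP_EOL;
echo count( $errors ), ' error(s) raised', PHP_EOL;
```

With the callback returning false instead, the misspelled property is still reported but the attribute value is left unchanged, which is the case where the error is kept as unsanitized markup.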