-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unrecognized elements are silently removed without validation error reporting #1100
Comments
Question About remove_invalid_child() Hi @westonruter, I'm probably not understanding this. But it looks like when |
I think I understand this now 😄 |
Recreating the IssueUsing this HTML in a new post: <h2>Finds and reports these invalid elements</h2>
<imgs src="/none.jpg" width="100" height="100" alt="None"></imgs>
<baz class="baz"><p>Invalid baz parent element.</p></baz>
<h2>Silently removes these elements</h2>
<foo class="foo">Invalid baz tag.</foo>
<foobaz class="foobaz"><zab>Invalid <span>nested elements</span></zab></foobaz>
<bazbar invalid="bazbar"><span>Is an invalid "bar" tag.</span></bazbar>
<div class="parent">
<p>Nesting valid and invalid elements.</p>
<invalid class="invalid">Is an invalid "invalid" tag</invalid>
<bazfoo class="bazfoo">Is an invalid "foo" tag <p id="testing-id" style="width: 100px">This should pass.</p></bazfoo>
</div>
<ul>
<li>hello</li>
<lili>world</lili>
</ul> Then publish the post. Results
Tracing Issue via XdebugThe 2 invalid elements that were caught flowed into The other invalid elements that were not caught flowed into the Possible ProblemThere is no validation error being generated in the |
Closes #1100. Fixes the problem of silently removing unrecognized elements. Uses the same code pattern and methodology as `remove_invalid_child`: - Prevent double-reporting nodes that are rejected. - Check through should_sanitize_validation_error(). - Replace if true. - Else, store in the `should_not_replace_nodes` property.
Moving To "Ready For Merging" If it's alright, I'm moving this to "Ready For Merging." If you think this could use functional testing, feel free to move it back. |
When coming across an element that is not recognized at all, the following code in
process_node
will be invoked:https://github.com/Automattic/amp-wp/blob/1e2cd22f1bfe8ab9d833c901e02111120f52fe72/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php#L284-L292
In the call to
replace_node_with_children
it will callremove_node
instead ofremove_invalid_child
, and only the latter will report the removal. This needs to be improved to report invalidity when it is being removed for that reason.The text was updated successfully, but these errors were encountered: