From df94b485d4345eed2ef6f01037facbd21c1fb2c5 Mon Sep 17 00:00:00 2001
From: Riad Benguella
Date: Thu, 1 Jun 2023 10:37:05 +0100
Subject: [PATCH] Prevent freeform and shortcode blocks from converting HTML entities (#51123)
---
 packages/block-library/src/freeform/block.json | 2 +-
 packages/block-library/src/shortcode/block.json | 2 +-
 .../e2e-tests/specs/editor/various/invalid-block.test.js | 5 +----
 3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/packages/block-library/src/freeform/block.json b/packages/block-library/src/freeform/block.json
index 84b57b75326c0a..809b7319c1888e 100644
--- a/packages/block-library/src/freeform/block.json
+++ b/packages/block-library/src/freeform/block.json
@@ -9,7 +9,7 @@
 "attributes": {
 "content": {
 "type": "string",
- "source": "html"
+ "source": "raw"
 }
 },
 "supports": {
diff --git a/packages/block-library/src/shortcode/block.json b/packages/block-library/src/shortcode/block.json
index 5b36d141dd93eb..04444fb292c800 100644
--- a/packages/block-library/src/shortcode/block.json
+++ b/packages/block-library/src/shortcode/block.json
@@ -9,7 +9,7 @@
 "attributes": {
 "text": {
 "type": "string",
- "source": "html"
+ "source": "raw"
 }
 },
 "supports": {
diff --git a/packages/e2e-tests/specs/editor/various/invalid-block.test.js b/packages/e2e-tests/specs/editor/various/invalid-block.test.js
index ad08ac2f4c6b44..2f24db5e067b7d 100644
--- a/packages/e2e-tests/specs/editor/various/invalid-block.test.js
+++ b/packages/e2e-tests/specs/editor/various/invalid-block.test.js
@@ -75,7 +75,7 @@ describe( 'invalid blocks', () => {
 expect( hasAlert ).toBe( false );
 } );
- it( 'should strip potentially malicious script tags', async () => {
+ it( 'should not trigger malicious script tags when using a shortcode block', async () => {
 let hasAlert = false;
 page.on( 'dialog', () => {
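Review bot: The switch to `"source": "raw"` for `content` here, and for `text` in shortcode/block.json in the next hunk, ships without a test for the behaviour the subject line promises; the only spec touched is the invalid-block one. A round-trip case would pin it, for example `it( 'should keep HTML entities unchanged in classic and shortcode blocks', async () => { … } )` that loads content containing `&lt;` and asserts the serialized post still contains `&lt;`. Presumably `raw` hands the saved markup to the block as stored rather than as a parser-normalised copy, so it is also worth confirming that every consumer of these two attributes treats the value as untrusted markup before it reaches the DOM. block.json cannot carry a comment, so that expectation belongs in the block's README or in the test name.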
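Review bot: Once the two console expectations are dropped in the following hunk, `expect( hasAlert ).toBe( false )` is the only assertion left in this test, so it passes whether the script markup is kept as inert text, stripped, or never loaded into the editor at all. The check is also timing-based (a single `requestIdleCallback` wait), so a dialog raised later could go unnoticed. I would add a positive assertion on the resulting content next to it, e.g. `expect( await getEditedPostContent() ).toMatchSnapshot();`, assuming `getEditedPostContent` from the e2e test utils is imported in this spec. The test body starts in this hunk and ends in the next one, so the lines between are not visible here.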
@@ -94,9 +94,6 @@ describe( 'invalid blocks', () => {
 // Give the browser time to show the alert.
 await page.evaluate( () => new Promise( window.requestIdleCallback ) );
-
- expect( console ).toHaveWarned();
- expect( console ).toHaveErrored();
 expect( hasAlert ).toBe( false );
 } );
 } );