Fix 8166 html tag validation #8176
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
| if($tw.config.htmlUnsafeElements.indexOf(this.tag) !== -1) { | ||
| this.tag = "safe-" + this.tag; | ||
| } | ||
| this.tag = $tw.utils.makeTagNameSafe(this.tag, "safe" + this.tag); |
There was a problem hiding this comment.
The original code here was attempting to sanitise the tag name provided by the user. This is in contrast to the behaviour of the helper function which is to fall back to a default if the provided tag name is not valid.
I think one approach or there other should be used consistently across the board. I'd favour the sanitising approach.
There was a problem hiding this comment.
The logic does only sanitise the tag if it is not valid. That's exactly, what the new code does
| @@ -200,7 +197,7 @@ FramedEngine.prototype.handleFocusEvent = function(event) { | |||
| Handle a keydown event | |||
| */ | |||
| FramedEngine.prototype.handleKeydownEvent = function(event) { | |||
| if ($tw.keyboardManager.handleKeydownEvent(event, {onlyPriority: true})) { | |||
| if($tw.keyboardManager.handleKeydownEvent(event, {onlyPriority: true})) { | |||
There was a problem hiding this comment.
There's quite a few whitespace changes in this PR that make it hard to follow. I'd welcome separate PRs to handle whitespace changes.
There was a problem hiding this comment.
It think, they have been automatically changed by VSCode on file save because of the global eslint settings. This behaviour started for me as eslint was defined under devDependencies in package.json
| exports.makeTagNameSafe = function(tag,defaultTag) { | ||
| defaultTag = defaultTag || "SPAN"; | ||
| // This implements a check for standard DOM elements: https://html.spec.whatwg.org/#syntax-tag-name | ||
| // It does _not_ deal with Custom Elements: https://html.spec.whatwg.org/#valid-custom-element-name |
There was a problem hiding this comment.
I think we should allow for custom elements.
This PR fixes #8166
It adds a new function to
$tw.utils.makeTagNameSafe(tag, defaultTag)It replaces all the hardcoded checks using
if(complex logic)with a simple to read function call