Merge branch 'develop' into trunk

10up · Jun 21, 2023 · 435d077 · 435d077
2 parents d0602a8 + b6f21af
commit 435d077
Show file tree

Hide file tree

Showing 28 changed files with 4,434 additions and 3,277 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,8 @@
+# These owners will be the default owners for everything in the repo. Unless a later match takes precedence, @10up/open-source-practice, as primary maintainers will be requested for review when someone opens a Pull Request.
+*                   @10up/open-source-practice
+
+# GitHub and WordPress.org specifics
+/.github/           @jeffpaul
+/.wordpress-org/    @jeffpaul
+CODE_OF_CONDUCT.md  @jeffpaul
+LICENSE.md          @jeffpaul
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -16,5 +16,9 @@ jobs:
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@v3
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v1
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v3
+        with:
+          license-check: true
+          vulnerability-check: false
+          config-file: 10up/.github/.github/dependency-review-config.yml@trunk
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 node_modules
 npm-debug.log
+dist/
 
 # Mac OSX
 .DS_Store

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [1.1.0] - 2023-06-21
+### Added
+- `View element` link to highlight and auto-scroll to the insecure element (props [@cadic](https://github.com/cadic), [@peterwilsoncc](https://github.com/peterwilsoncc), [@psorensen](https://github.com/psorensen), [@adamsilverstein](https://github.com/adamsilverstein), [@dkotter](https://github.com/dkotter) via [#73](https://github.com/10up/insecure-content-warning/pull/73)).
+
+### Changed
+- Bump WordPress "tested up to" version 6.2 (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh) via [#117](hthttps://github.com/10up/insecure-content-warning/pull/117)).
+- Update the Dependency Review GitHub Action (props [@jeffpaul](https://github.com/jeffpaul), [@Sidsector9](https://github.com/Sidsector9) via [#122](https://github.com/10up/insecure-content-warning/pull/122)).
+
+### Fixed
+- Update dependencies of javascript assets (props [@cadic](https://github.com/cadic), [@peterwilsoncc](https://github.com/peterwilsoncc), [@psorensen](https://github.com/psorensen), [@adamsilverstein](https://github.com/adamsilverstein), [@dkotter](https://github.com/dkotter) via [#73](https://github.com/10up/insecure-content-warning/pull/73)).
+- Ensure that HTML blocks and converted classic editor blocks are correctly checked for insecure content (props [@nateconley](https://github.com/nateconley), [@Sidsector9](https://github.com/Sidsector9) via [#108](https://github.com/10up/insecure-content-warning/pull/108)).
+
+### Security
+- Bump `simple-git` from 3.15.1 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#107](https://github.com/10up/insecure-content-warning/pull/107)).
+- Bump `json5` from 1.0.1 to 1.0.2 (props [@dependabot](https://github.com/apps/dependabot) via [#110](https://github.com/10up/insecure-content-warning/pull/110)).
+- Bump `ua-parser-js` from 1.0.2 to 1.0.33 and `browser-sync` from 2.27.11 to 2.28.1 (props [@dependabot](https://github.com/apps/dependabot) via [#111](https://github.com/10up/insecure-content-warning/pull/111)).
+- Bump `engine.io` from 6.4.1 to 6.4.2 (props [@dependabot](https://github.com/apps/dependabot) via [#119](https://github.com/10up/insecure-content-warning/pull/119)).
+- Bump `socket.io-parser` from 4.2.2 to 4.2.3 (props [@dependabot](https://github.com/apps/dependabot) via [#121](https://github.com/10up/insecure-content-warning/pull/121)).
+
 ## [1.0.3] - 2023-01-09
 **Note that this release bumps the WordPress minimum version from 5.3 to 5.7 and the PHP minimum version from 7.0 to 7.4.**
 
@@ -51,6 +70,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial public release! 🎉
 
 [Unreleased]: https://github.com/10up/insecure-content-warning/compare/trunk...develop
+[1.1.0]: https://github.com/10up/insecure-content-warning/compare/1.0.3...1.1.0
 [1.0.3]: https://github.com/10up/insecure-content-warning/compare/1.0.2...1.0.3
 [1.0.2]: https://github.com/10up/insecure-content-warning/compare/1.0.1...1.0.2
 [1.0.1]: https://github.com/10up/insecure-content-warning/compare/1.0.0...1.0.1

diff --git a/CREDITS.md b/CREDITS.md
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Max Lyuchin (@cadic)](https://github.com/cadic).
+[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Max Lyuchin (@cadic)](https://github.com/cadic), [Nate Conley (@nateconley)](https://github.com/nateconley), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot).
 
 ## Libraries
 

diff --git a/config/webpack.config.common.js b/config/webpack.config.common.js
@@ -6,6 +6,7 @@ const MiniCssExtractPlugin = require('mini-css-extract-plugin');
 const StyleLintPlugin = require('stylelint-webpack-plugin');
 const WebpackBar = require('webpackbar');
 const ImageminPlugin = require('imagemin-webpack-plugin').default;
+const DependencyExtractorWebpackPlugin = require('@wordpress/dependency-extraction-webpack-plugin');
 
 const isProduction = process.env.NODE_ENV === 'production';
 
@@ -47,7 +48,6 @@ module.exports = {
 
 	// External objects.
 	externals: {
-		jquery: 'jQuery',
 		lodash: 'lodash',
 		_: 'underscore',
 	},
@@ -154,5 +154,15 @@ module.exports = {
 
 		// Fancy WebpackBar.
 		new WebpackBar(),
+
+		new DependencyExtractorWebpackPlugin( {
+			injectPolyfill: false,
+			combineAssets: false,
+			requestToExternal( request ) {
+				if ( request === 'underscore' ) {
+					return '_';
+				}
+			},
+		} ),
 	],
 };
diff --git a/config/webpack.settings.js b/config/webpack.settings.js
@@ -7,6 +7,7 @@ module.exports = {
 
 		// CSS files.
 		'admin-style': './src/css/admin.css',
+		'editor-style': './src/css/editor.css',
 	},
 	filename: {
 		js: 'js/[name].js',

diff --git a/dist/css/admin-style.css b/dist/css/admin-style.css
diff --git a/dist/js/classic-editor.js b/dist/js/classic-editor.js
diff --git a/dist/js/gutenberg.js b/dist/js/gutenberg.js
diff --git a/includes/assets.php b/includes/assets.php
@@ -14,6 +14,8 @@ function setup() {
 	add_action( 'init', __NAMESPACE__ . '\\load_translations' );
 	add_action( 'enqueue_block_editor_assets', __NAMESPACE__ . '\\block_editor_scripts' );
 	add_action( 'admin_enqueue_scripts', __NAMESPACE__ . '\\enqueue_scripts' );
+	add_filter( 'mce_css', __NAMESPACE__ . '\\mce_css' );
+	add_action( 'admin_notices', __NAMESPACE__ . '\\compile_script_notice' );
 }
 
 /**
@@ -30,13 +32,24 @@ function load_translations() {
  * Enqueue editor-only JavaScript/CSS
  */
 function block_editor_scripts() {
-	wp_enqueue_script(
-		'insecure-content-gutenberg',
-		INSECURE_CONTENT_URL . 'dist/js/gutenberg.js',
-		array( 'wp-components', 'wp-data', 'wp-dom', 'wp-editor', 'wp-element', 'wp-edit-post', 'wp-i18n', 'wp-plugins' ),
-		INSECURE_CONTENT_VERSION,
-		true
-	);
+	$asset_file = INSECURE_CONTENT_PATH . 'dist/js/gutenberg.asset.php';
+	if ( file_exists( $asset_file ) ) {
+		$asset = require_once $asset_file;
+		wp_enqueue_script(
+			'insecure-content-gutenberg',
+			INSECURE_CONTENT_URL . 'dist/js/gutenberg.js',
+			$asset['dependencies'],
+			$asset['version'],
+			true
+		);
+		wp_enqueue_style(
+			'insecure-content-gutenberg',
+			INSECURE_CONTENT_URL . 'dist/css/editor-style.css',
+			false,
+			$asset['version'],
+			'all'
+		);
+	}
 }
 
 /**
@@ -49,26 +62,67 @@ function enqueue_scripts( $hook = '' ) {
 		return;
 	}
 
-	wp_enqueue_script(
-		'insecure-content-admin',
-		INSECURE_CONTENT_URL . 'dist/js/classic-editor.js',
-		array( 'wp-i18n' ),
-		INSECURE_CONTENT_VERSION,
-		true
-	);
+	$asset_file = INSECURE_CONTENT_PATH . 'dist/js/classic-editor.asset.php';
+	if ( file_exists( $asset_file ) ) {
+		$asset = require_once $asset_file;
+		wp_enqueue_script(
+			'insecure-content-admin',
+			INSECURE_CONTENT_URL . 'dist/js/classic-editor.js',
+			$asset['dependencies'],
+			$asset['version'],
+			true
+		);
+
+		wp_localize_script(
+			'insecure-content-admin',
+			'insecureContentAdmin',
+			array(
+				'spinner' => admin_url( '/images/wpspin_light.gif' ),
+			)
+		);
+
+		wp_enqueue_style(
+			'insecure-content-admin',
+			INSECURE_CONTENT_URL . 'dist/css/admin-style.css',
+			false,
+			$asset['version'],
+		);
+	}
+}
+
+/**
+ * Display a notice about JS and CSS assets missing
+ *
+ * @return void
+ */
+function compile_script_notice() {
+	$asset_file = INSECURE_CONTENT_PATH . 'dist/js/gutenberg.asset.php';
 
-	wp_localize_script(
-		'insecure-content-admin',
-		'insecureContentAdmin',
-		array(
-			'spinner' => admin_url( '/images/wpspin_light.gif' ),
-		)
-	);
+	if ( file_exists( $asset_file ) ) {
+		return;
+	}
+
+	?>
+	<div class="notice notice-warning is-dismissible">
+		<?php // translators: open and close <code></code> tags. ?>
+		<p><?php printf( esc_html__( 'JavaScript and CSS required for Insecure Content Warning are missing. Looks like you are using the development version of the plugin. Please perform the build running %1$snpm install && npm run dev%2$s and reload the page.', 'insecure-content-warning' ), '<code>', '</code>' ); ?></p>
+	</div>
+	<?php
+}
+
+/**
+ * Add plugin css to the TinyMCE editor
+ *
+ * @param string $mce_css Comma-separated stylesheet URLs.
+ * @return string
+ */
+function mce_css( $mce_css = '' ) {
+
+	$url = INSECURE_CONTENT_URL . 'dist/css/editor-style.css';
+	if ( empty( $mce_css ) ) {
+		return $url;
+	}
+	$mce_css = $url . ',' . $mce_css;
 
-	wp_enqueue_style(
-		'insecure-content-admin',
-		INSECURE_CONTENT_URL . 'dist/css/admin-style.css',
-		array(),
-		INSECURE_CONTENT_VERSION,
-	);
+	return $mce_css;
 }
diff --git a/insecure-content-warning.php b/insecure-content-warning.php
@@ -3,7 +3,7 @@
  * Plugin Name:       Insecure Content Warning
  * Plugin URI:        https://wordpress.org/plugins/insecure-content-warning/
  * Description:       Prevent editors from adding insecure content in the editor.
- * Version:           1.0.3
+ * Version:           1.1.0
  * Requires at least: 5.7
  * Requires PHP:      7.4
  * Author:            10up
@@ -22,7 +22,7 @@
 define( 'INSECURE_CONTENT_TEMPLATE_URL', get_template_directory_uri() );
 define( 'INSECURE_CONTENT_PATH', __DIR__ . DIRECTORY_SEPARATOR );
 define( 'INSECURE_CONTENT_INC', INSECURE_CONTENT_PATH . 'includes' . DIRECTORY_SEPARATOR );
-define( 'INSECURE_CONTENT_VERSION', '1.0.3' );
+define( 'INSECURE_CONTENT_VERSION', '1.1.0' );
 
 require_once INSECURE_CONTENT_INC . 'assets.php';
 require_once INSECURE_CONTENT_INC . 'rest.php';