Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix/53: check content for Ctrl+S and Command+S #56

Merged
merged 7 commits into from
Aug 10, 2023
Merged

fix/53: check content for Ctrl+S and Command+S #56

merged 7 commits into from
Aug 10, 2023

Conversation

Sidsector9
Copy link
Member

@Sidsector9 Sidsector9 commented Aug 16, 2021

Closes #53

Description of the Change

This PR enables the checks when saving through the primary + S shortcut.

Benefits

This benefits the user from not saving insecure post content to the DB using the shortcut.

Verification Process

  1. In the fix branch, add an image to the editor on an HTTPS site.
  2. Edit the image as HTML and replace the protocol to HTTP.
  3. Try saving the post using the Publish or Update button.
  4. Observe the error notice saving 1 insecure element found.
  5. Repeat steps 1 and 2 and try saving the post using primary + S and repeat step 4.
  6. In develop branch, primary + S will save the post with insecure element.

Credits

@Sidsector9 @dinhtungdu @jeffpaul @faisal-alvi

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests passed.

Changelog Entry

Fix: Issue with saving post with insecure element using the primary + S shortcut.

@jeffpaul jeffpaul added this to the 1.0.0 milestone Aug 16, 2021
@jeffpaul jeffpaul requested a review from dkotter August 16, 2021 14:54
Copy link
Contributor

@dinhtungdu dinhtungdu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Sidsector9, thanks for the PR! I have an issue testing this one. The warning appears when I hit Ctrl-S but the content is still saved. We want to prevent post saving in this case too.

@Sidsector9
Copy link
Member Author

@dinhtungdu This is a work in progress PR, that's why the [WIP] in title 😄

@jeffpaul
Copy link
Member

Not viewing this as a blocker for v1 launch so punting to 1.1.0 so the v1 release can proceed.

@jeffpaul jeffpaul modified the milestones: 1.0.0, 1.1.0 Aug 24, 2021
@Sidsector9
Copy link
Member Author

Update

Raised an issue with the Gutenberg team - WordPress/gutenberg#34864

@jeffpaul
Copy link
Member

Upstream Gutenberg issue is resolved, what else is blocking progress on this @Sidsector9?

@Sidsector9
Copy link
Member Author

Sidsector9 commented Oct 12, 2021

@jeffpaul I've tried running with the upstream fix and that didn't work either and the reason is the sequence in which event listeners are registered.

Gutenberg's listener for keypress Ctrl + S and Cmd + S runs before our logic to block post saving.
I tried to modify my code with the traditional document.onkeydown but that failed as well as the listener was registered at a much later point after Gutenberg finished registering all its listeners.

@Sidsector9 Sidsector9 changed the title [WIP] fix: check content for Ctrl+S and Command+S fix: check content for Ctrl+S and Command+S Oct 12, 2021
@Sidsector9 Sidsector9 changed the title fix: check content for Ctrl+S and Command+S fix/53: check content for Ctrl+S and Command+S Oct 12, 2021
@jeffpaul jeffpaul modified the milestones: 1.1.0, Future Release Oct 12, 2021
@jeffpaul
Copy link
Member

@Sidsector9 @dinhtungdu any ideas then on how to resolve this issue within the plugin?

@jeffpaul
Copy link
Member

@Sidsector9 is this PR worth keeping open to try and resolve the linked issue or are we blocked by upstream compatibility in Gutenberg?

@Sidsector9
Copy link
Member Author

@jeffpaul we are blocked by upstream incompatibility with Gutenberg. It's been a while since I've looked into this, I'll spend a little more time on it this week and see what can be done about this PR.

@jeffpaul
Copy link
Member

@Sidsector9 is there anything that could be done here or in Gutenberg to resolve this? If not, let's go ahead and close this out if we're not realistically going to be able to impact change on this issue (and can probably then close the related issue as wontfix).

@Sidsector9
Copy link
Member Author

Sidsector9 commented Jun 29, 2022

@jeffpaul before closing this, I would like to request @fabiankaegy to weigh in his thoughts on this issue, in case he may have a solution?

@Sidsector9 Sidsector9 requested a review from a team as a code owner August 7, 2023 04:07
@Sidsector9 Sidsector9 requested review from a team and removed request for a team, dkotter and fabiankaegy August 7, 2023 04:14
Copy link
Member

@faisal-alvi faisal-alvi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Sidsector9 a big thanks for your outstanding efforts on this PR.

I tested it on an M1 Mac Air with the Chrome browser, and the behavior was as expected. When I pressed Cmd+S, the warning appeared, preventing the post from being saved. Upon resolving the warning, the post saved successfully.

image

However, I noticed a number of changes that don't appear directly related to the fix, making the code review somewhat unclear.

Also, it seems the "E2E test / WP trunk" action check failed. Could you please take a look?

@Sidsector9
Copy link
Member Author

@faisal-alvi thanks for reviewing. I will look into the failing tests, we're facing similar failures in other repos as well.

However, I noticed a number of changes that don't appear directly related to the fix, making the code review somewhat unclear.

I wasn't able to run linters before these changes due to incompatibilities between the NPM dependencies. Upon investigating I saw this repo had a large number of old and unused dependencies. In commit 1694ff0, I cleaned up the project so that it's aligned with the other projects we have.

If you want to focus on reviewing just the feature, then this is the commit - 4a4d3ab

Copy link
Member

@faisal-alvi faisal-alvi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Sidsector9 Thanks for the info, makes sense, approving.

@jeffpaul jeffpaul modified the milestones: Future Release, 1.2.0 Aug 10, 2023
@jeffpaul jeffpaul merged commit 6448bb8 into develop Aug 10, 2023
5 of 8 checks passed
@jeffpaul jeffpaul deleted the fix/53 branch August 10, 2023 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Insecure warnings are not displaying when I used CMD+S shortcut
4 participants