-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Interactivity API: Prevent wrong written directives from killing the runtime #61249
Conversation
Flaky tests detected in 03c093d. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/8895797255
|
b407b49
to
204c420
Compare
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.
To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we update the regexp instead so it doesn't match the bad suffix, requiring an alphanumeric character to start?
gutenberg/packages/interactivity/src/vdom.ts
Lines 16 to 28 in 204c420
// Regular expression for directive parsing. | |
const directiveParser = new RegExp( | |
`^data-${ p }-` + // ${p} must be a prefix string, like 'wp'. | |
// Match alphanumeric characters including hyphen-separated | |
// segments. It excludes underscore intentionally to prevent confusion. | |
// E.g., "custom-directive". | |
'([a-z0-9]+(?:-[a-z0-9]+)*)' + | |
// (Optional) Match '--' followed by any alphanumeric charachters. It | |
// excludes underscore intentionally to prevent confusion, but it can | |
// contain multiple hyphens. E.g., "--custom-prefix--with-more-info". | |
'(?:--([a-z0-9_-]+))?$', | |
'i' // Case insensitive. | |
); |
This line matching the suffix:
'(?:--([a-z0-9_-]+))?$', |
Could add a required alphanumeric initial character to the suffix like this:
'(?:--([a-z0-9][a-z0-9_-]*))?$',
For the warning, then we could check early if .exec()
returns null
, show the warning, and just skip the rest of the processing for a bad directive?
Hey @sirreal, we need to support dashes at the beginning of "suffixes". 😅 For instance, the <button
style="--button-color:blue;"
data-wp-style----button-color="state.buttonColor"
>A fancy button</button> |
Good spot 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The bugfix is good, but I would like to see some better naming generally for the parts of a directive. It doesn't need to happen in this PR.
packages/interactivity/CHANGELOG.md
Outdated
@@ -12,6 +12,8 @@ | |||
|
|||
- Hooks useMemo and useCallback should return a value. ([#60474](https://github.com/WordPress/gutenberg/pull/60474)) | |||
|
|||
- Prevent wrong written directives from killing the runtime ([#61249](https://github.com/WordPress/gutenberg/pull/61249)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to go up under the unreleased
section.
const prefix = directiveMatch[ 1 ] || ''; | ||
const suffix = directiveMatch[ 2 ] || 'default'; | ||
|
||
obj[ prefix ] = obj[ prefix ] || []; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This section could probably use some comments about how strings are being split up and what we expect to find in each part. We've even got a constant wp
that's the directivePrefix
(that also appears in the middle of the data attribute).
Honestly, some kind of description of what the parts of a directive are and a refactor to rename things accordingly would be helpful. prefix
and suffix
don't really make sense:
nothing? suffix is everything after `prefix--`… I guess this makes sense
| |
vvvvvvv vvvvvvvvvv
data-wp-bind--on--change
^^^^
|
"prefix" in the middle?
Maybe we could talk about these things like the "directive name" or "directive type", then the rest of it could be some kind of input to the directive? I think we use these prefix/suffix names across the package and it seems confusing.
The bug fix here where we try to access a null
match is good 👍
5a9a7d5
to
1df720c
Compare
What?
Prevent wrong written directives killing the runtime of the Interactivity API.
Why?
A directive like
data-wp-on-window--
can kill the runtime process in the Interactivity API.How?
Refactored the code that gets the directives and parse them.
Testing Instructions
data-wp-on-document--
Screenshots or screencast
Before:
After: