Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IBX-8891: Fixed XML link validation to allow using tel: in links #245

Merged
merged 2 commits into from
Sep 26, 2024
Merged

IBX-8891: Fixed XML link validation to allow using tel: in links #245

merged 2 commits into from
Sep 26, 2024

Conversation

vidarl
Copy link
Member

@vidarl vidarl commented Sep 19, 2024
edited by alongosz
Loading

🎫 Issue IBX-8891

Description:

Adds supports for

  • tel: links
  • Remove check for quotes and < and >, output is anyway url encoded

I synced with Gunnstein and we agree to keep the validation in schematron, but to simplify it, in order to keep the number of checks down as there is a default limit of 9:

runtime error: file /home/foobar/git/ezplatform-richtext/src/lib/eZ/RichText/Resources/stylesheets/schematron/iso_dsdl_include.xsl line 1353 element choose xsltApplySequenceConstructor: A potential infinite template recursion was detected.
You can adjust xsltMaxDepth (--maxdepth) in order to raise the maximum number of nested template calls and variables/params (currently set to 3000).

The most important think in this case is to ensure the security aspect, not to ensure that the URLs are syntactical correct (ie, we don't need to check for ezcontent://, ezlocation://, ezremote:// or ezurl://. We can simply have one rule that check for "starts with ez")

You may have a look at #244 for a different approach

@vidarl vidarl mentioned this pull request Sep 19, 2024
Closed
4 tasks
@vidarl vidarl force-pushed the IBX-8891_XML_link_validator_in_rich-text_does_not_allow_to_use_tel_links_schematron branch from d0a170a to 20ba45e Compare September 19, 2024 08:43
@vidarl vidarl requested review from glye and a team September 19, 2024 09:23
@vidarl vidarl changed the title Ibx 8891 xml link validator in rich text does not allow to use tel links schematron IBX-8891: xml link validator in rich text does not allow to use tel links Sep 19, 2024
@alongosz alongosz changed the title IBX-8891: xml link validator in rich text does not allow to use tel links IBX-8891: Fixed XML link validation to allow using tel: in links Sep 19, 2024
alongosz
alongosz approved these changes Sep 19, 2024
edited
Loading
View reviewed changes
phpstan-baseline.neon
Comment on lines +628 to +631
-
message: "#^Offset 1 does not exist on array\\{0\\?\\: string, 1\\?\\: ''\\|'ezremote\\://', 2\\?\\: string, 3\\?\\: string\\}\\.$#"
count: 1
path: src/lib/eZ/FieldType/RichText/RichTextStorage.php
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: allowing this since this is baseline alignment after an update and fixing this requires some changes that would take significant amount of time (impl + QA)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, and the same thing was done in 4.6 : ibexa/fieldtype-richtext@560eecf

@alongosz alongosz requested a review from a team September 19, 2024 12:14
tomaszszopinski
tomaszszopinski approved these changes Sep 25, 2024
View reviewed changes
Copy link

@tomaszszopinski tomaszszopinski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA approved on IbexaDXP 3.3 commerce.

@konradoboza konradoboza merged commit acb0fa0 into 2.3 Sep 26, 2024
27 checks passed
@konradoboza konradoboza deleted the IBX-8891_XML_link_validator_in_rich-text_does_not_allow_to_use_tel_links_schematron branch September 26, 2024 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomaszszopinski tomaszszopinski tomaszszopinski approved these changes

@konradoboza konradoboza konradoboza approved these changes

@alongosz alongosz alongosz approved these changes

@mikadamczyk mikadamczyk mikadamczyk approved these changes

@glye glye glye approved these changes

Assignees

@alongosz alongosz

@konradoboza konradoboza

Labels
QA approved
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vidarl @glye @mikadamczyk @alongosz @konradoboza @tomaszszopinski