Problem/Motivation

Noticed, while working on moving Drupal.org twitter embed blocks to Mastodon feed blocks. Mastodon feeds do not have item titles, so the description is taken as a fallback. However the description is not stripped of HTML and only the first 40 chars are taken, which is odd given the title could be much longer.

Steps to reproduce

Proposed resolution

Decode entities and strip description of HTML for the title fallback and truncate at 255 chars similar to how it is done before storage in aggregator_aggregator_process(). Add ellipsis to indicate there was more content. Also use the build in Drupal core features for these instead of custom word boundary matching.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

CommentFileSizeAuthor
#4 Screenshot 2023-07-07 at 16.02.51.png359.45 KBgábor hojtsy
#3 Screenshot 2023-07-07 at 15.41.47.png255.45 KBgábor hojtsy

Issue fork drupal-3373222

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Gábor Hojtsy created an issue. See original summary.

Gábor Hojtsy opened merge request !4339

gábor hojtsy’s picture

gábor hojtsy
he/him
Primary language Hungarian
Location Hungary
commented
Issue summary: View changes
StatusFileSize
new Screenshot 2023-07-07 at 15.41.47.png255.45 KB

Added screenshot of problems and expanded proposed resolution. Ended up also decoding entities, since those would/will also be escaped when displayed otherwise.

gábor hojtsy’s picture

gábor hojtsy
he/him
Primary language Hungarian
Location Hungary
commented
Issue summary: View changes
StatusFileSize
new Screenshot 2023-07-07 at 16.02.51.png359.45 KB
fjgarlin’s picture

fjgarlin commented
Status: Active » Reviewed & tested by the community

I reviewed the code in the MR and tested the fix here: https://fjgarlin-drupal.dev.devdrupal.org/security

The screenshots above from the before and after are from that URL, where I tested removing the items and then updating them again so they'd be resaved in the database.

The feeds we tested were https://drupal.community/@drupalsecurity.rss and https://drupal.community/@dropismoving.rss, where no "title" element is present in the items.

Marking RTBC.

poker10’s picture

poker10 commented
Issue tags: +Pending Drupal 7 commit, +Needs change record

Thanks for working on this!

Yes, this seems like a bug (because the resulting text is malformed). The fix looks good, but we are combining it with increasing the title length from 40 to 255 characters. I think we should add at least a short change record for people using this feature (e.g. feeds without titles), so they will not be surprised with longer text. Thanks!

I have tested this manually (comparing the old and new code for parsing the description) and it seems good. For example this text: 

<p>Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-026 3371114 at <a href="https://www.drupal.org" target="_blank" rel="nofollow noopener noreferrer"><span class="invisible">https://www.</span><span class="">drupal.org</span><span class="invisible"></span></a></p>

will change from this:
<p>Search Autocomplete -
to this:
Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-026 3371114 at https://www.drupal.org
when using the patch.

poker10’s picture

poker10 commented
Issue tags: -Needs change record

I have drafted a change record: https://www.drupal.org/node/3383554 . Feel free to update if needed.

mcdruid made their first commit to this issue’s fork.

mcdruid’s picture

mcdruid commented

Added a test for this.

Assuming the tests all pass, I'm happy for this to be committed.

poker10’s picture

poker10 commented

Thanks for adding the test @mcdruid! It is green, so I think we are good to go here.

  • poker10 committed 96a9946c on 7.x 
    Issue #3373222 by Gábor Hojtsy, mcdruid: Fallback to feed item...
poker10’s picture

poker10 commented
Status: Reviewed & tested by the community » Fixed
Issue tags: -Pending Drupal 7 commit

Committed, thanks all!

poker10 closed merge request !4339

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.