#225 | 2506445-225.patch | 50.3 KB | alexpott |
|
#225 | 224-225-interdiff.txt | 825 bytes | alexpott |
#224 | 2506445-223.patch | 50.48 KB | alexpott |
|
#222 | 2506445_222.patch | 51.77 KB | chx |
|
#222 | diffdiff.txt | 1.2 KB | chx |
#218 | 2506445-218.patch | 51.86 KB | alexpott |
|
#206 | 2506445.206.patch | 51.77 KB | alexpott |
|
#206 | 204-206-interdiff.txt | 3.92 KB | alexpott |
#204 | 2506445.204.patch | 52.71 KB | alexpott |
|
#204 | 199-204-interdiff.txt | 1.98 KB | alexpott |
#199 | 2506445.199.patch | 53.84 KB | alexpott |
|
#199 | 196-199-interdiff.txt | 8.78 KB | alexpott |
#196 | placeholder-2506445.196.patch | 45.59 KB | larowlan |
|
#196 | interdiff.txt | 5.77 KB | larowlan |
#190 | interdiff-2506445-171-189.txt | 12.65 KB | Sutharsan |
#190 | replace_placeholder-2506445-189.patch | 51.06 KB | Sutharsan |
|
#181 | interdiff.txt | 593 bytes | effulgentsia |
#181 | replace_placeholder-2506445-181.patch | 47.96 KB | effulgentsia |
|
#179 | interdiff.txt | 717 bytes | effulgentsia |
#179 | replace_placeholder-2506445-179.patch | 48.72 KB | effulgentsia |
|
#171 | replace_placeholder-2506445-171.patch | 48.67 KB | Sutharsan |
|
#171 | interdiff-2506445-164-171.txt | 1.75 KB | Sutharsan |
#164 | replace_placeholder-2506445-164.patch | 50.25 KB | justAChris |
|
#164 | 2506445-interdiff-161-164.txt | 944 bytes | justAChris |
#161 | replace_placeholder-2506445-161.patch | 51.17 KB | justAChris |
|
#161 | 2506445-interdiff-149-161.txt | 5.53 KB | justAChris |
#149 | interdiff-2506445-146-149.txt | 2.62 KB | Sutharsan |
#149 | replace_placeholder-2506445-149.patch | 55.78 KB | Sutharsan |
|
#147 | replace_placeholder-2506445-146.patch | 58.01 KB | Sutharsan |
|
#143 | replace_placeholder-2506445-141.patch | 419.57 KB | Sutharsan |
|
#140 | replace_placeholder-2506445-140.patch | 419.83 KB | Sutharsan |
|
#135 | interdiff-2506445-128-135.txt | 2.19 KB | Sutharsan |
#135 | replace_placeholder-2506445-135.patch | 32.63 KB | Sutharsan |
|
#128 | replace_placeholder-2506445-128.patch | 31.34 KB | subhojit777 |
|
#126 | interdiff.txt | 1010 bytes | subhojit777 |
#126 | replace_placeholder-2506445-126.patch | 31.32 KB | subhojit777 |
|
#122 | non-href-slice-n-dice.txt | 36.45 KB | justAChris |
#122 | non-href-lookbehind.txt | 31.76 KB | justAChris |
#121 | 2506445-interdiff.txt | 4.9 KB | rpayanm |
#121 | 2506445-121.patch | 31.6 KB | rpayanm |
|
#117 | 2506445-117.patch | 36.95 KB | rpayanm |
|
#111 | 1__d8_html__bash_.png | 38.54 KB | joelpittet |
#101 | replace_remaining-2506445-101.patch | 504.11 KB | nlisgo |
|
#101 | interdiff-2506445-100-101.txt | 1001 bytes | nlisgo |
#100 | replace_remaining-2506445-100.patch | 504.13 KB | nlisgo |
|
#96 | replace_remaining-2506445-96-with-test.patch | 505.52 KB | joelpittet |
|
#96 | interdiff.txt | 702 bytes | joelpittet |
#96 | replace_remaining-2506445-96-reroll.patch | 505.19 KB | joelpittet |
|
#92 | ordered.ods | 42.81 KB | joelpittet |
#89 | files_stats-2506445-85.txt | 12.36 KB | justAChris |
#87 | files_modified-2506445-85.txt | 9.9 KB | justAChris |
#85 | 2506445-UnexpecterError.jpg | 122.92 KB | justAChris |
#85 | replace-most-2506445-85.patch | 511.89 KB | justAChris |
|
#80 | interdiff-2506445-77-80.txt | 479 bytes | Anonymous (not verified) |
#80 | replace-most-2506445-80.patch | 538.39 KB | Anonymous (not verified) |
|
#77 | interdiff-2506445-73-77.txt | 14.47 KB | Anonymous (not verified) |
#77 | replace-most-2506445-77.patch | 538.43 KB | Anonymous (not verified) |
|
#73 | replace-most-2506445-73.patch | 538.51 KB | Anonymous (not verified) |
|
#71 | replace-most-2506445-71.patch | 538.53 KB | Anonymous (not verified) |
|
#66 | replace-most-2506445-65.patch | 538.5 KB | Anonymous (not verified) |
|
#61 | replace_most-2506445-61.patch | 539.44 KB | nlisgo |
|
#61 | interdiff-2506445-54-61.txt | 1.15 KB | nlisgo |
#60 | interdiff-2506445-54-60.txt | 3.43 KB | Anonymous (not verified) |
#60 | replace-most-2506445-60.patch | 535.74 KB | Anonymous (not verified) |
|
#57 | interdiff-2506445-51-54.txt | 930 bytes | Anonymous (not verified) |
#54 | replace-most-2506445-54.patch | 539.17 KB | Anonymous (not verified) |
|
#51 | replace-most-2506445-51.patch | 538.46 KB | Anonymous (not verified) |
|
#49 | replace-most-2506445-49.patch | 538.23 KB | Anonymous (not verified) |
|
#46 | replace-most-2506445-45.patch | 545.74 KB | Anonymous (not verified) |
|
#44 | replace_most-2506445-44.patch | 553.21 KB | joelpittet |
|
#44 | interdiff.txt | 5.97 KB | joelpittet |
#42 | replace_most-2506445-42.patch | 553.21 KB | joelpittet |
|
#40 | replace_most-2506445-40.patch | 537.43 KB | joelpittet |
|
#40 | interdiff.txt | 1.38 KB | joelpittet |
#37 | replace_many-2506445-37.patch | 544.69 KB | joelpittet |
|
#33 | replace_many-2506445-33.patch | 544.92 KB | joelpittet |
|
#33 | interdiff.txt | 16.13 KB | joelpittet |
#31 | replace_many-2506445-31.patch | 534.17 KB | joelpittet |
|
#31 | interdiff.txt | 1.45 KB | joelpittet |
#28 | replace_many-2506445-28.patch | 540.32 KB | joelpittet |
|
#26 | replace_many-2506445-26.patch | 394.33 KB | joelpittet |
|
#22 | replace_many-2506445-22.patch | 396.02 KB | subhojit777 |
|
#22 | interdiff-2506445-21-22.txt | 676 bytes | subhojit777 |
#21 | replace_many-2506445-21.patch | 396.68 KB | subhojit777 |
|
#21 | interdiff-2506445-17-21.txt | 2.98 KB | subhojit777 |
#17 | replace_many-2506445-17.patch | 393.63 KB | subhojit777 |
|
#13 | interdiff.txt | 4.87 KB | joelpittet |
#13 | replace_many-2506445-13.patch | 395.86 KB | joelpittet |
|
#3 | interdiff.txt | 2.78 KB | joelpittet |
#3 | replace_many-2506445-3.patch | 401.1 KB | joelpittet |
|
#2 | replace_many-2506445-1.patch | 413.81 KB | joelpittet |
|
Comments
Comment #1
xjmWas getting some false matches so I tightened my regex to just
t()
to start:emacs `egrep -rl '\Wt\(.*\!([a-zA-Z])+' * | grep -v "vendor" | grep -v ".js" | grep -v .css | grep -v "~"`
Comment #2
joelpittetHere's all of them, let's see how many break and how many mistakes I made;)
Comment #3
joelpittetOvershot and undershot a few. And testbot engage!
Comment #5
xjmSo I started to roll this patch. One downside of this approach is that it will add many early
checkPlain()
calls (or following #2506035: Do not add placeholders from SafeMarkup::format() to the safe list stillhtmlspecialchars()
calls) for things like URLs. So we do more early escaping in order to not have double-escaping.However, while deferring more escaping is something we should solve at some point (and a concern I raised in the original SafeMarkup issue), it's not going to happen in 8.0.x, and the instances being changed in this patch are really a drop in the bucket. I do think we should have #2506035: Do not add placeholders from SafeMarkup::format() to the safe list to mitigate it though.
Edit: Augh. I had the issue assigned to myself, meaning I was working on this. I was deliberately separating it into a few scoped sub-issues for easier review.
Comment #6
joelpittet194 fails in one test class:
Drupal\Tests\editor\Unit\EditorXssFilter\StandardTest
That should be easy to knock down, if we find out why they are failing.
Comment #7
joelpittetSorry to jump the boat @xjm. Well now you have a big picture to run with I guess.
Comment #8
xjmUnassigning, no point in me posting a subset of this patch. :)
Comment #9
xjmComment #10
Wim LeersThe reason for the many failures here:
That's wrong :)
Comment #11
xjm@Wim Leers: lol. I think that regex needs to be fixed. ;)
Comment #12
joelpittetOh I probably broke a bunch like that;) I went for fast instead of accurate:P
Comment #13
joelpittetThere may be more that I missed but this cleans up a few including the one in #10 thanks @Wim Leers.
--color-words
was helpful, thanks xjm for showing me that a while backComment #15
subhojit777Comment #16
subhojit777Comment #17
subhojit777Now working on failing tests.
Comment #18
joelpittetComment #21
subhojit777I am having problem in debugging these tests
Drupal\migrate_drupal\Tests\MigrateTableDumpTest
andDrupal\system\Tests\Common\AddFeedTest
, any help regarding this would be great. Rest of the things are fixed.Comment #22
subhojit777Comment #23
subhojit777Removed verbose messages.
Comment #26
joelpittetReroll of #22 thank you for knocking it down to 4 fails @subhojit777!
Going to see if I can get them down to 0 today.
Comment #28
joelpittetSeems I missed a bunch of things... mostly in hook_help()... this patch has grown. I reverted my slight name changes from percent back to pct and @error_message back to @e.
Comment #30
joelpittetWell that's nice that it's the same # of fails after almost doubling the patch size...
Comment #31
joelpittetMy interdiff may suck on the migrate fixes, but the other two are in it;)
Crossing fingers.
Comment #33
joelpittetHmm instead of reverting the migrate stuff I should have went the other direction. Missed a few more things in there.
That revert fixed one but broke the other worse:P
Did a few *.js ones as well.
One problem is the feed icon. I can't do it because we remove SafeMarkup from the Attribute classes and just escape it now. So the problem is that
t('@title')
will escape once, then the result is sent to the Attribute where it's escaped a second time. I'm surprised we didn't run into more of those cases. @xjm Can or should we work around this some other way?Comment #35
joelpittetComment #36
joelpittetGoing to fix feed_icon in #2531824: Attribute class to check safe strings before escaping (has tests) and it's ilk.
Comment #37
joelpittetRe-roll and touchups to see where this is at (litmus test)
Comment #38
joelpittetComment #40
joelpittetI should probably do this on an ignore test issue...
Comment #42
joelpittetOne way that helps me find these is a case sensitive regex project search for:
['"]!(?!IE)[a-zA-Z]
And exclude the following folders/files:
-vendor/*,-*.css,-*.json
Then when I find one I just search the project for instances of that same one and any remaining
!
that may be left over in that file. I think it catches about 99% of the cases.There a few false positives there including people using that
!
to as their regex delimiter, but excludes the!IE
false positive that is quite frequent.Comment #44
joelpittetThis should help a bit further with migrate tests.
I think the error message one will likely be fixed in #2501319: Remove SafeMarkup::set() in Error::renderExceptionSafe() and _drupal_log_error() and improve backtrace formatting consistency in _drupal_log_error(), Error::renderExceptionSafe(), and DefaultExceptionSubscriber::onHtml ()
Comment #46
Anonymous (not verified) CreditAttribution: Anonymous commentedWe should not change the D6 database dump that is used in tests. If it produces more errors... then we need to fix them in migrate as things get imported!
This patch is the same as #44 but with migrate_drupal/src/Tests/Table/d6/Variable.php reverted.
Comment #47
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #49
Anonymous (not verified) CreditAttribution: Anonymous commentedRegarding my comment in #46, it turns out that the tests are not actually safe markup calls, but rather, old D6-style tokens. As such, I have rerolled with that test excluded. Revised patch attached.
New issue has been created to deal with the tokens: #2551631: D6 user_mail tokens do not get converted.
Comment #51
Anonymous (not verified) CreditAttribution: Anonymous commentedReroll to bring this up-to-date with head.
Comment #52
YesCT CreditAttribution: YesCT commentedthe fail
Drupal\Tests\migrate\Unit\MigrateExecutableTest
Parameter 0 for invocation Drupal\migrate\MigrateMessageInterface::display('Migration failed with source ...{<(', 'error') does not match expected value. Other MigrateExecutableTest.php 61 Drupal\Tests\migrate\Unit\MigrateExecutableTest->testImportWithFailingRewind()
@Ryan Weal said was failing sometimes, and
is randomly generating a message which sometimes has some stuff that gets escaped.
So, I think we should not randomly generate the message.
Either
a) set a message string that doesn't need escaping
or
b) set a message that does need escaping
or..
c) both
and then make the tests test what we expect will happen.
Comment #54
Anonymous (not verified) CreditAttribution: Anonymous commentedHopefully this applies and brings us down to only one fail.
Comment #56
Anonymous (not verified) CreditAttribution: Anonymous commentedI've taken this as far as I can get with it.
It seems like ConfigImporter::logError is not marking as safe. So when we run the test we are getting this:
$logs[0] (populated by ConfigImporter::logError) :
'Unexpected error during import with operation create for config_test.dynamic.primary: 'config_test' entity with ID 'secondary' already exists.'
expected :
'Unexpected error during import with operation create for config_test.dynamic.primary: \'config_test\' entity with ID \'secondary\' already exists.'
Comment #57
Anonymous (not verified) CreditAttribution: Anonymous commentedHere is something resembling an interdiff (used git show on my working branch) for my change between comments #51 and #54 which fixes one of the errors.
Comment #58
nlisgo CreditAttribution: nlisgo commentedI seem to be getting the following for $logs[0]:
And the expected is:
Comment #59
Anonymous (not verified) CreditAttribution: Anonymous commentedGit blame reveals that this was done on purpose in #2514044: Do not use SafeMarkup::format in exceptions.
So maybe we should just revert that failing change?
Comment #60
Anonymous (not verified) CreditAttribution: Anonymous commentedTaking ConfigImporter out of the equation for now, we will create a new issue to address use of !placeholder there.
Comment #61
nlisgo CreditAttribution: nlisgo commentedCould this be the solution?
Comment #62
nlisgo CreditAttribution: nlisgo commentedThe SafeMarkup::format around the $e->getMessage is consistent with what we do in Drupal\config\Tests\ConfigImporterTest::testSecondaryWriteSecondaryFirst
The $message is the return of SafeMarkup::format()
Comment #63
Anonymous (not verified) CreditAttribution: Anonymous commentedRe: #61... hope so!
If not... we can deal with ConfigImporter in #2551743: Replace !placeholder references in Config with @placeholder.
Comment #65
YesCT CreditAttribution: YesCT commentedComment #66
Anonymous (not verified) CreditAttribution: Anonymous commentedRerolled. However, the test (\Drupal\user\Tests\UserBlocksTest) no longer passes locally, running that same test on 8.0.x branch also fails locally.
Comment #67
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #68
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #69
nlisgo CreditAttribution: nlisgo commented\Drupal\user\Tests\UserBlocksTest passes for me locally and it appears to have passed on the testbot.
Comment #70
geertvd CreditAttribution: geertvd at XIO commentedWe are doing this a couple of times, any reason why?
We shouldn't be using SafeMarkup::format() without arguments, it's basically the same as calling SafeMarkup::set() #2547851: SafeMarkup::format() should require arguments without them it is just SafeMarkup::set() in disguise
Comment #71
Anonymous (not verified) CreditAttribution: Anonymous commentedRevised per #70.2 after consulting some of the other sprinters.
Comment #72
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #73
Anonymous (not verified) CreditAttribution: Anonymous commentedRemoved the unsightly formatting referenced in #70.1 above.
Comment #74
geertvd CreditAttribution: geertvd at XIO commentedMissed some, also interdiffs are really needed when making changes on this size of a patch.
Comment #75
geertvd CreditAttribution: geertvd at XIO commentedI'm not sure if this is the best alternative to SafeMarkup::format either, don't know what the better alternative is though.
I looked this up and this actually had an
@
before but was changed in #2514044: Do not use SafeMarkup::format in exceptionsComment #76
Anonymous (not verified) CreditAttribution: Anonymous commentedRe: #75 as noted above I took the advice of Joel Pittet who is here sprinting with us, as he knows more about it than I do.
Comment #77
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #78
geertvd CreditAttribution: geertvd at XIO commentedBesides my open question in #75 the patch looks good, would be great of someone else can confirm that it's ok to use
SafeString::create()
here.Comment #79
joelpittet@geertvd regarding #75 using SafeString::create() instead of SafeMarkup, allows us to mark the string as safe without poluting the large list of safeStrings that it holds on it. So we are slowly but surely moving away from SafeMarkup and towards SafeString as it is closer to what we aimed to do in the original autoescape issue and what Twig_Markup does.
That being said... I think we need to just be careful just the same as SafeMarkup::set() can be abused if used improperly... If we don't mark the string as safe and we use '@' it will escape everything in that variable, I'm curious what's in that variable that would cause escaping to produce negative results?
This is an un-used use statement.
I could be wrong but this is because the message has backtraces in it's message or some other HTML?
Comment #80
Anonymous (not verified) CreditAttribution: Anonymous commentedRemove unused SafeMarkup from #79.1.
Comment #81
geertvd CreditAttribution: geertvd at XIO commentedThe problematic variable is this one.
Doesn't
SafeMarkup::format()
mark a string as safe? So I really don't understand why the @placeholder is not inserting it unescaped.Could be saying something silly here, that SafeMarkup stuff can get confusing.
Comment #82
Anonymous (not verified) CreditAttribution: Anonymous commentedI don't have a solution either, per my comment in #56.
Comment #83
Anonymous (not verified) CreditAttribution: Anonymous commentedI'm told that this is going to take many hours and further revisions to get to RTBC, and as the sprint I'm at is ending in 2h, I am going to move on to other tasks. Good luck here folks.
Comment #85
justAChris CreditAttribution: justAChris as a volunteer commentedReroll of patch on #80.
Further investigation into ConfigImporter & ConfigImporterTest to hopefully help answer questions in #79 & #81
The error in
$e->getMessage()
is an exception thrown here:It looks like the only characters to get escaped are the quotes unless the ID or entityTypeId have special characters. Not sure if this means we are comfortable with marking this safe? I guess if you can mess with the configuration import (files), you could do other security damage?
Looking at the output to the user, manual testing of this error produce the same visual output with the different escape / print methods. A screen grab is attached of that output. The source is different (the escaped single quote):
In ConfigImporter::processConfiguration()
Bang (
'!message' => $e->getMessage()
)SafeString @ (
'@message' => SafeString::create($e->getMessage())
)@ only (
'@message' => $e->getMessage()
)Regarding ConfigImporterTest::testSecondaryWriteSecondaryFirst(), we don't need to mark these safe, as long as the assertions match the logged value. To avoid using SafeMarkup::format, we could do something like:
We can drop the Html::escape() if the single quotes aren't escaped in the error.
I'm sure there are more efficient methods to reproduce the error manually, but here's how I did it:
Comment #86
xjmRelated issue: #2558791: "!"-prefixed tokens should Xss::filterAdmin() but not affect safeness
I'd really like to break this patch into smaller pieces. It is unmanageable and unreviewable as-is.
Comment #87
justAChris CreditAttribution: justAChris as a volunteer commentedI'd imagine it is uncommittable as well even if it did get to that stage. Not sure if it's helpful but attached a list of all the files touched by the latest reroll (#85).
205 Files, not sure the method to break this down, by module & core subsystem?
Comment #88
joelpittetThat is helpful @justAChris: Some things relate to their tests but for the most part they can be hunked together.
Could you do the same thing but also show the
diff --stats
so we know the how many changes are in the files?Let's find the largest set of changes in a module or subsystem and group a couple of those to hack hunks of this patch down quick. Then we can deal with the one-off and smaller bits likely in this issue as hopefully a <100K patch.
Comment #89
justAChris CreditAttribution: justAChris as a volunteer commentedStats for latest reroll attached.
Not sure if @xjm intended to move this planning to #2506427: [meta] !placeholder causes strings to be escaped and makes the sanitization API harder to understand since that was marked as meta.
Comment #90
justAChris CreditAttribution: justAChris as a volunteer commentedAt the very least this is back to Active now, if not closed (duplicate).
Comment #91
joelpittetWhoops meta meta
Comment #92
joelpittetOK perfect, while doing this I realized a bunch were in hook_help text, maybe even the majority. Just a side note...
Here's the list in 85 ordered by changes.
Comment #93
joelpittet@justAChris If we close this we just need to make sure people who worked on it get credited in the spin-off issue(s).
Here's a proposal for splitting this into chunks:
core/modules/contact/*
core/modules/views/*
core/modules/comment/*
core/modules/migrate/*
core/modules/views_ui/*
core/modules/language/*
core/modules/locale/*
core/modules/update/*
core/modules/user/*
core/modules/simpletest/*
core/modules/search/*
core/modules/help/*
core/modules/node/*
core/modules/config_translation/*
core/modules/block*
core/modules/aggregator/*
Cherry picking a bit but how does that sound?
Comment #94
justAChris CreditAttribution: justAChris as a volunteer commentedFirst child issue added (for contact module): #2559435: Replace !placeholder with @placeholder in Contact module
Comment #95
justAChris CreditAttribution: justAChris as a volunteer commentedItems 1-18 on #93 have been opened (with exception of 5 & 14) as child issues of #2506427: [meta] !placeholder causes strings to be escaped and makes the sanitization API harder to understand and marked related to this.
Per conversation w/ @joelpittet on irc, this issue should cover anything not covered by new issues, re-titled as such. This issue may be postponed until we determine the scope of "remaining".
For future reference, @joelpittet won the issue opening race :p
Comment #96
joelpittetHere's a re-roll and just to help with those split offs I've added a test for all help pages!
Maybe it would be worth doing the tests in one shot with this test in play that way people aren't doing the hook_help() test which are probably the bulk of this patch.
Comment #97
joelpittetI opened it up, it may mean a bit of re-rolling on some of the other issues but I think it will be worth it because it's 300k from this patch and and automated test to cover them all in two assert lines.
#2560783: Replace !placeholder with :placeholder for URLs in hook_help() implementations
Comment #98
alexpott", $variables);
This is double escape in a nut-shell. See #2564321: file_save_htaccess() generates error logs which are escaped incorrectly for a proper fix.
Comment #99
nlisgo CreditAttribution: nlisgo commentedI will review the issue referenced in #98 and prepare a patch to address the double escape.
Comment #100
nlisgo CreditAttribution: nlisgo commentedReroll necessary since the following issue was fixed: #2560733: Remove a few problematic t() calls from tests
I will address the feedback in #98 next.
Comment #101
nlisgo CreditAttribution: nlisgo commentedThis addresses the feedback in #98.
If #2564321: file_save_htaccess() generates error logs which are escaped incorrectly gets committed before this issue we will be removing the changes to core/includes/file.inc entirely as the code change is identical.
Comment #102
nlisgo CreditAttribution: nlisgo commentedComment #103
geertvd CreditAttribution: geertvd at XIO commentedSince we are doing that fix in #2564321: file_save_htaccess() generates error logs which are escaped incorrectly we shouldn't do the fix here also, IMO it should just remove that from the patch right away.
Comment #104
nlisgo CreditAttribution: nlisgo commented@geertvd that had occurred to me but if we did that we would need to postpone this issue until that one was committed?
My opinion is that I feel comfortable including it in both as it is not the significant portion of either patch. And it removes the dependency chain for each issue.
Happy to fall in though but I understood from the comment in #98 by @alexpott that including the same fix was being requested.
Leaving as needs review unless anyone feels very strongly about it.
Comment #105
alexpottWe're also discussing the ! in #2558791: "!"-prefixed tokens should Xss::filterAdmin() but not affect safeness. Given the discussions there I think we should postpone this.
Comment #106
alexpottCan Ryan Weal, nlisgo, subhojit777, and justAChris comment on #2564353: Remove !placeholder usage from SafeMarkup::format() so they can get credit.
Comment #107
alexpottI think we could rescope this issue to fix all of the
!placeholder
by doing the following regex on the code base[\s>.\(]t\('[^']*(?<!href=")![a-zA-Z]
.This issue should not convert:
!placeholder
where the placeholder is a url!placeholder
where output of t() is being used for non-HTML such as an emailThere will be around 170 or so things to fix.
Comment #108
xjmJust a note for future reference -- "Per module" is rarely the best way to scope the children of the meta issue. We should focus the scope on the specific kinds of conceptual problems we're solving. For example, "Remove ! usage in test assertion messages". (More suggestions in this draft on issue scoping).
Also, in general, it's better to get the first child issue in first before spending time creating lots of others, and then to create the others from a list in the meta only as they are needed.
Comment #109
xjmRetitling for #107.
Comment #110
xjmI can't get the regex in #107 to work in bash.
Comment #111
joelpittet@xjm try this if you use ag.
ag '[\s>.\(]t\('[^']*(?<!href=")![a-zA-Z]'
Single quotes being of utmost importance.
EDIT: Well that didn't work actually, bash sucks and I forgot to escape things...
Comment #112
xjmThis should work in bash, on mac, to look for the ones I was previously matching in #1 and then just exclude hrefs that have a ! placeholder:
Comment #113
xjmAdding a working bash command to the summary.
Comment #114
xjmAlso, setting to active to indicate that we should start with a fresh patch.
170 usages is still kind of a lot. I'd suggest splitting it up more than this (but conceptually, not per module). A good first set of changes would be assertion messages in tests, maybe.
Comment #115
xjmAlso, see #2564353: Remove !placeholder usage from SafeMarkup::format() -- a lot of the comments on that issue will be relevant for these as well.
Comment #116
rpayanmLet me try!
Comment #117
rpayanmThere are still changes... I am continue tomorrow.
@xjm the bash command, I think that have false positives, here a example:
core/lib/Drupal/Core/Datetime/Element/Datelist.php: $form_state->setError($element, t('The %field date is invalid.', array('%field' => !empty($element['#title']) ? $element['#title'] : '')));
Comment #120
alexpottThis will need a reroll now that #2564353: Remove !placeholder usage from SafeMarkup::format() has landed and that will fix the config tests.
Not correct - these are non html usage. And should not be changed in this issue.
Comment #121
rpayanmReroll and @alexpott's suggestions.
Comment #122
justAChris CreditAttribution: justAChris as a volunteer commentedPosting a the results of the two regular expressions used thus far to find !placeholder in non href strings for comparison. Just cross verifying that they mainly produce the same results (with a few exceptions) to make sure we attempt to find all instances, which is the goal regardless of what regex is used.
non-href-slice-n-dice.txt using the grep currently listed in the issue summary.
non-href-lookbehind.txt is using the regex found in #107
Comment #125
justAChris CreditAttribution: justAChris as a volunteer commentedPer #114 and irc conversation with @xjm and @joelpittet, the subset of this patch that are contained in test assertions has been split off: #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only.
This new issue should be actionable now as its resolution appears to be independent of the result of planning in the parent meta issue.
Comment #126
subhojit777Managed to fix one failing test.
Comment #128
subhojit777Straight reroll.
Comment #132
justAChris CreditAttribution: justAChris as a volunteer commentedUpdating Bash command in issue summary to indicate that the replacement/removal in Tests should be handled in a different issue, currently #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only.
Comment #133
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedI am aware that the replacements in tests will be handled in a different issue, but still investigate the errors. They need to be fixed any way. This is the first one:
This test fails because @placehoders are escaped the $link_text will now for example contain
<
instead of<
Comment #134
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedWorking on a new patch ...
The ConfigImporterTest test fails because @message contains quotes that get encoded due to the @placeholder
Comment #135
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedComment #136
subhojit777@Sutharsan thanks for working on this. Would you like to write a patch for this issue #2509218: Ensure that SafeString objects can be used in non-HTML contexts as well. There are some tests failing there which are same as you just fixed here.
Comment #137
Sutharsan CreditAttribution: Sutharsan as a volunteer commented@sughojit777 I Currently focus on those issues that are likely to be marked critical as per #2506427-51: [meta] !placeholder causes strings to be escaped and makes the sanitization API harder to understand.
Comment #138
webchickQuestion. If this is scriptable, would it help if we instituted a small "commit freeze," rolled the mega-patch once, and committed it all in one go? If so, I'd be available later on today to do this.
Comment #139
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedNah, chasing head is fun ;) I'm currently checking the existing 'Replace !placeholder' patches. 1/3rd needs a reroll and most of the patches are only 6 - 10 days old. A freeze would help, but lets not rush. Get a combined and bot tested patch first, do some basic testing and then find a good moment to commit. Rerolling these patches is not super complicated and rerolling a single patch is already a lot better than 18 of them.
Comment #140
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedThis is the combined patch of the following issues:
Comment #143
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedPls ignore patch in #140, it doesn't apply.
Comment #144
xjmJust to reiterate, this patch must not include places where the placeholder is used for URLs, because that needs to be explored separately. See #2565895: Add a new :placeholder to SafeMarkup::format() for URLs that handles bad protocols.
This patch should also not include placeholders that are being used for a non-HTML context e.g. email messages, because those need to be handled separately as well. See #2509218: Ensure that SafeString objects can be used in non-HTML contexts.
So the regex in the summary is a start, but we still need to look at each usage rather than just scripting the conversions. This is why I suggest starting with tests only. Lower risk and more manageable. Retitling to indicate that and updating the regex to target that.
Once that's in, we can tackle the non-test ones.
Comment #145
xjmActually setting active again, to indicate again we need to start afresh, not update the existing patch or combine other patches. :)
Comment #146
xjmEr. Fixing the grep command.
Comment #147
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedOk, new patch.
This replaces the !placeholders in *Test.php files according to the regex in the issue summary.
Comment #148
webchick@Sutharsan: Out of curiosity, what command did you pipe that into to do the actual find/replacing? This way you could go to bed sometime soon and someone from North America / Australia could take over if they were so inclined. :D
Comment #149
Sutharsan CreditAttribution: Sutharsan as a volunteer commented@webchick, yes going to bed is my next priority.
I used the patch from #143 as starting point and only used the Test.php file from it (the regex script filters on presence of 'Text.php' in the file name). Next I used the regex to find the remaining !placeholders and find/replace the with an editor (not typing, too much risk of typo). As last step (this new patch) check for 'href=' or 'src=' in the patch and revert those changes. And search for usage in mail context (#144). That was my recipe.
This patch reverts changes for URL usage. No mail (or other non-html) usage identified.
Comment #153
xjmNote that the next step after this one is passing will be #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only.
Comment #155
xjmThanks @Sutharsan.
This change should not be made. It's changing the behavior of the test and not in scope. This looks like cruft from the old patch.
I'm not sure why it's better to reroll the stale patch than create a new one, but I guess someone can use the grep command with the patch applied, and at least with this patch size it's reviewable. Thanks!
Comment #156
xjmAh, and this one is the unit test for !placeholder. We should remove this hunk from this patch, and instead handle this in the later issue that deprecates or removes
!placeholder
entirely.Comment #157
xjmI think these changes are also testing the behavior of the !placeholder functionality (or the discovery of strings with it) for the JavaScript equivalent of t(). I suggest we create a followup for this test and exclude it from the patch here.
Comment #158
xjmAlso, these assertions don't seem to be in scope either; maybe a separate issue?
Comment #159
xjm@webchick, re: #148, the grep command is documented in the issue summary. It's not as simple as just scripting it, unfrotunately, because of all the side effects.
Comment #160
xjmAnd, finally, the reason these are failing is that the display name is
<test>
. We should remove the t() calls entirely and just assert the raw expected output. This might be worth spinning off into its own issue too because it is a bit tricky and will be different from the other changes.Comment #161
justAChris CreditAttribution: justAChris as a volunteer commentedRemoved lines highlighted in comments #155 - #160.
Updated Issue Summary to indicate issues that should be filed to resolve this edge cases. I haven't yet filed them myself.
Regarding #158, those tests already exist in the hook_help() issue: #2560783: Replace !placeholder with :placeholder for URLs in hook_help() implementations. We should keep that issue open, but at postponed since it may come in handy if we change the placeholder in URLs
Also, haven't cross referenced against the bash script or any other regex to ensure that we've captured the entire scope.
Comment #164
justAChris CreditAttribution: justAChris as a volunteer commentedRevert
core/modules/locale/src/Tests/LocaleJavascriptTranslationTest.php
correctly this time.Comment #166
webchickDrupal\views\Tests\Plugin\DisplayFeedTest? Sounds like that may be spurious. Trying a re-rest, since DrupalCI liked it well enough.
Comment #170
joelpittetThese are for email tokens and I think they shouldn't be converted. I could be wrong but that is what I recall from one of the other issue and discussions with @effulgentsia
Comment #171
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedYou are correct. No output escaping in email context, or other non-html output such as a webservice response. Their front-end (e.g. mail client) is responsible for that.
Comment #172
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedCreated the follow-up issue for #156, #157 and #158: #2567727: LocaleJavascriptTranslationTest needs test coverage for @placeholders in JavaScript
Comment #173
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedComment #174
Novitsh CreditAttribution: Novitsh as a volunteer commentedAs far as #171 goes, looks OK to me.
Comment #175
justAChris CreditAttribution: justAChris as a volunteer commentedAbout 20 of the replacements in the latest patch are in format_string() which looks to be outside the scope of this issue
And also, potentially wrong given 9.0.0 deprecation
On the positive side, running the bash grep in the issue summary against the patched codebase only returns items we have specifically excluded above:
Comment #176
justAChris CreditAttribution: justAChris as a volunteer commentedNot in t()
Also not in t()
Is this supporting some other Test assertion? seems wrong in this scope. EDITED: Maybe needed, see #52. Maybe run these tests locally without this update and see if it still fails?
Should we even be touching the first line here? no placeholder. Or does it affect the second line? Is this really the best way to do this in that case? EDITED: Explanation in #133, but does this still apply since we reduced the scope to tests only?
Comment #177
effulgentsia CreditAttribution: effulgentsia at Acquia commentedI'm ok with those being included in this patch. Is there a reason not to? The issue summary currently says "in t() usage only". Should we change the issue summary to also include SafeMarkup::format() usage or do we have/want a separate issue for that and then remove those from this patch?
If we include them in the patch, I'd be ok with either them being changed to
SafeMarkup::format()
while we're at it (since we're changing that line anyway), or letting that conversion be a separate issue.Re #176.1/2: They are in t(), just indirectly, via ConfigEntityMapper::getTitle(). However, because of that, we also need to change the prefix used in that method, so let's remove that from here and do it in #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only.
Re #176.4: I don't get the question. This is in a test.
Comment #178
effulgentsia CreditAttribution: effulgentsia at Acquia commentedRe #176.3: I opened #2567793: Random test failures in MigrateExecutableTest when random string returns unescaped html entities. Can anyone help to quickly resolve that issue? Not sure if it's a hard blocker or soft blocker for this one.
Comment #179
effulgentsia CreditAttribution: effulgentsia at Acquia commentedInteresting. On its own, #2567793: Random test failures in MigrateExecutableTest when random string returns unescaped html entities passes. Therefore, trying this to see if something in this patch is making it fail.
Comment #180
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedThese two test modules are overlooked by the regex:
FormTestVerticalTabsForm.php:
t('Field !num', array('!num' => $i)),
'#title' => t('Field !num', array('!num' => $i)),
node_test.module:
t('Value of testElement RSS element for node !nid.', ...
t('Extra data that should appear only in the RSS feed for node !nid.' ...
t('Extra data that should appear everywhere except the RSS feed ... !nid ...
Comment #181
effulgentsia CreditAttribution: effulgentsia at Acquia commentedSince #179 passes, whatever was causing the problem in #52 no longer appears to be in this patch, so removing #176.3 from this patch as an out of scope change.
This patch does not yet address the rest of the feedback from #176, #177, and #180. Leaving that for someone else to work on.
Comment #182
justAChris CreditAttribution: justAChris as a volunteer commentedRegarding #176.4, I understand now that the update to the first line is needed to get the test to pass after converting ! to @. It doesn't seem the most efficient way to do this though. We're wrapping a
t()
inside aSafeMarkup::format()
and then wrap it again inside anothert()
. All inside of a test assertion (which also does astrip_tags()
)Comment #183
xjmHm, the
format_string()
usages probably should have been included in #2564353: Remove !placeholder usage from SafeMarkup::format(). There are possibly non-test instances of those too so we should create another followup forformat_string()
. That said, since they appear to all be on assertion messages (as opposed to text being asserted) and it's the same conceptual change, there's virtually no risk so I'm okay with including them here.However, we should not continue to scope-creep by changing them to
SafeMarkup::format()
. This is a soft blocker (and possibly eventually a hard blocker) for a critical.Comment #184
xjmThis test also needs a followup. It's supposed to be a test for a double-escaping fix, but it does an assertRaw() on the result of t() rather than asserting the actual raw expected output. This means that if our changes to t() end up reintroducing double-escaping, this test will just test that it's double-escaped. :P
Comment #185
xjmOh, I also agree with @justAChris that this is kinda a WTF. It'd be better to remove both the format() and the t(), and just do a plain simple
assertText()
. Let's split this one off into its own issue too.Comment #186
dawehnerMh, how does that even pass, when
\Drupal\config_translation\ConfigEntityMapper::getTitle
is not changed?Just a doc for myself: This works because LinkGenerator uses
SafeMarkup::format()
Comment #187
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedworking on a new patch...
Comment #188
joelpittet#2567851: Use assertText() instead of t()/SafeMarkup::format() in NodeEditFormTest followup for #182/ #185
Comment #189
joelpittetCreated a follow-up for #183
#2567855: Replace !placeholder with @placeholder in format_string() for non-URLs
Comment #190
Sutharsan CreditAttribution: Sutharsan as a volunteer commentedComments addressed:
Comment #191
dawehnerJust a quick note: This makes it a bit harder to review the patch ...
Comment #192
joelpittetFiled follow-up for #184 at #2567857: Remove !placeholder in NodeRevisionUiTest and make it actually test the expected output
Comment #193
xjmOops. ;) Let's revert those.
Comment #194
xjmAnd yeah, like I said, we should not convert
format_string()
toSafeMarkup::format()
in this patch. See #183.Comment #195
larowlanfixing 193/4
Comment #196
larowlanFixes 193/194
Comment #197
dawehnerYeah, no you can actually use --word-diff
Comment #198
alexpottThere's stuff missing... patch on its way.
Comment #199
alexpottNew patch.
Comment #200
alexpottSome notes on the patch in #199
This just can be massively simplified since the url you are on is displayed by the drupalGet above.
Everything is wrong with HEAD here even the
assertText
is wrong... the message is 0 :)Comment #201
dawehnerFor sure, no question, that message is pointless, but still it makes the patch harder to review.
Comment #204
alexpottFixed tests and re-rolled on top of #2567851: Use assertText() instead of t()/SafeMarkup::format() in NodeEditFormTest
Comment #205
dawehnerWent through every instance, we are done now.
Comment #206
alexpottFound another :( Also reverting the changes to DisplayTest and UpdateFeedItemTest and filing followups since they might cause scope discussions and the followups won't conflict so happy days.
Comment #207
dawehnerDown to
--word-diff
changes again.Comment #208
alexpottCreated the followups:
Also added
ContactPersonalTest
as that uses!placeholder
but it is email testing and therefore needs to be handled differently as part of #2557113: Make t() return a TranslationWrapper object to remove reliance on a static, unpredictable safe list.Comment #210
alexpott#206 failed because of
GET http://ec2-54-186-69-54.us-west-2.compute.amazonaws.com/checkout/update.php/start?id=2&op=do_nojs returned 0 (0 bytes).
ie. PIFR mess.Comment #212
alexpottAs per #207
Comment #215
alexpottCOme on pifr...
Comment #216
justAChris CreditAttribution: justAChris as a volunteer commentedUpdating issue summary to reflect that fact that we included occurrences of !placeholder in format_string() in the scope of this issue.
Comment #217
xjmNo longer applies, alas. I think maybe one of the changes from another patch got mixed in here too?
Comment #218
alexpottComment #219
alexpottSo nope nothing got mixed up - the changes we just a line of context to near to each other... ho hum.
Comment #220
xjmThanks @alexpott.
Comment #222
chx CreditAttribution: chx commentedReroll, dont credit me.
Comment #224
alexpottWe also had a conflict in NodeRevisionsUiTest. Fixing. Cause #2567857: Remove !placeholder in NodeRevisionUiTest and make it actually test the expected output just landed.
Comment #225
alexpottFixing unnecessary rollback of #2568015: Replace !placeholder in UpdateFeedItemTest - happened in #218.
alexpott--
Comment #226
joelpittetRTBC++
alexpott++ (karma balance for noticing)
Comment #231
xjmI confirmed this variable is never used within that test method.
@Sutharsan thanks for documenting all the issue credits from the previous child issues. lauriii, izus, andypost, borisson_, and Sharique have not commented on this issue, so I have added them manually to the end of the commit message.
Committed and pushed to 8.0.x. Thanks everyone for your epic patience as we figured out how to scope this issue, and see you in #2567855: Replace !placeholder with @placeholder in format_string() for non-URLs and #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only!
Comment #233
alexpottSilly pifr... this is done.