[GHS] Partial wildcard attributes (<foo data-*>, <foo *-bar-*>, <foo *-bar>) and attribute values (<h2 id="jump-*">) not yet supported

This will result in:

Testing /Users/wim.leers/Work/d8/core/modules/ckeditor5/tests/src/Kernel
.....F.....                                                       11 / 11 (100%)

Time: 40.76 seconds, Memory: 8.00 MB

There was 1 failure:

1) Drupal\Tests\ckeditor5\Kernel\SmartDefaultSettingsTest::test with data set "basic_html_with_any_data_attr can be switched to CKEditor 5 without problems …………………………" ('basic_html_with_any_data_attr', array(), array(array(array('bold', 'italic', '|', 'link', '|', 'bulletedList', 'numberedList', '|', 'blockQuote', 'uploadImage', '|', 'heading', '|', 'sourceEditing', '|', 'code', 'textPartLanguage')), array(array(array('<cite>', '<dl>', '<dt>', '<dd>', '<a hreflang>', '<blockquote cite>', '<ul type>', '<ol start type>', '<h2 id>', '<h3 id>', '<h4 id>', '<h5 id>', '<h6 id>', '<img data-*>')), array(array('heading2', 'heading3', 'heading4', 'heading5', 'heading6')), array('un'))), '<img data-*> <span lang dir>', array(), array('The following plugins were en...</em>.', 'The following tags were permi...d&gt;.', 'The following plugins were en...</em>.', 'This format's HTML filters in...d&gt;.'))
Failed asserting that two strings are identical.
--- Expected
+++ Actual
@@ @@
-'<img data-*> <span lang dir>'
+'<img data-__attribute_wildcard__ data-entity-uuid data-entity-type data-caption data-align> <span lang dir>'

and:

Testing /Users/wim.leers/Work/d8/core/modules/ckeditor5/tests/src/Unit
.................F                                                18 / 18 (100%)

Time: 3.3 seconds, Memory: 8.00 MB

There was 1 failure:

1) Drupal\Tests\ckeditor5\Unit\HTMLRestrictionsTest::testParse with data set "<drupal-media data-*>" ('<drupal-media data-*>', array(array(true)))
Failed asserting that two arrays are identical.
--- Expected
+++ Actual
@@ @@
 Array &0 (
     'drupal-media' => Array &1 (
-        'data-*' => true
+        'data-__attribute_wildcard__' => true
     )
 )

Tangentially related CKEditor 4/filter system issue: #2105841: Xss filter() mangles image captions and title/alt/data attributes.

#4 already added some parsing/representation tests, but this adds the crucial tests for the SmartDefaultSettings test to actually pass: a failing test for the various operations on HtmlRestrictions.

#3228334: Refactor HTMLRestrictionsUtilities to a HtmlRestrictions value object is in! Now really pushing this forward again…

Yes, definitely!

Want to postpone this on that then?

Actually, that's a very good call, because that will ensure it actually works in CKEditor 5, because I think it currently does not … 🙈 And the fix that makes that super easy to add is also in #3259493: [GHS] Unable to limit attribute values: ::allowedElementsStringToHtmlSupportConfig() does not generate configuration that CKEditor 5 expects!

#3259493: [GHS] Unable to limit attribute values: ::allowedElementsStringToHtmlSupportConfig() does not generate configuration that CKEditor 5 expects is in!

Functional JS tests now added. In doing that, I realized that the issue title was not complete enough yet.

You can now go crazy with configurations like

<p data-* class="foo-*" foo="foo-*">

in your Source Editing configuration! 🤓🥳

I had to change \Drupal\ckeditor5\HTMLRestrictions::toGeneralHtmlSupportConfig() to use the key/value syntax documented at https://ckeditor5.github.io/docs/nightly/ckeditor5/latest/api/module_eng..., which is not listed at https://ckeditor5.github.io/docs/nightly/ckeditor5/latest/features/gener....

Note that we do have functional JS test coverage for this now — see

      // Edge case: `data-*` with wildcard attribute value.
      '<a data-*="sub*">' => [
        '<p>The <a href="https://example.com/pirate" data-grammar="subject">pirate</a> is <a href="https://example.com/irate">irate</a>.</p>',
        '<a data-*="sub*">',
      ],

→ that's a wildcard attribute name that has wildcard attribute values allowed! And we verify that CKEditor 5 in fact makes it possible to create this kind of content, only when it is configured to allow that!

Great feedback, thanks @bnjmnm, for your very thorough reviews! 👏

Thanks!

I queued a D10/PHP8.1 test. It only failed on D10 because it was using PHP 8.0, which D10 no longer supports as of last week 🥸

#23: data-* is the common case, and probably >95% of all "wildcard attribute name" uses in Drupal 8. This issue focuses on that, to allow more sites to successfully switch to CKEditor 5 ASAP. But you're right that this either needs a follow-up or we need to expand this issue's scope.

Do you have a preference?

Spent the past hour digging into #23–#25.

Turns out that doing this is relatively straightforward, so let's get this done here and now! This is pushing WAY beyond what was ever possible in CKEditor 4 🤯🤩🚀

(It's really cool to see even these pretty complex wildcard attribute restrictions appear correctly in the FilterHtml configuration, and not just that, but know that it is correctly interpreted everywhere 😊)

Updating issue title to clarify that.

1. 15f3fdd9b54618c34bd76ae18a0bfbe441c5bd21 added explicit test coverage — most notably it generalizes/parametrizes the data-* operations test coverage, so we can not only test suffix wildcards (i.e. data-*), but also prefix *-foo and infix foo-*-bar). The functional JS test coverage is also updated to test infix + prefix instead of only suffix.
   This should FAIL.
2. 878727479c0eb29f4eca56133d63f427f576edf0 adds support for arbitrary suffix (so not just data-*, but ANYTHING*) and then expands it to also support prefix and infix wildcards.
3. c534af6a67e7eb305df6e7e03035580bee8a8115 is a small addition that #3228334: Refactor HTMLRestrictionsUtilities to a HtmlRestrictions value object overlooked: new HTMLRestrictions(['foo' => ['*' => TRUE]]) does not make sense, one should use new HTMLRestrictions(['foo' => TRUE]) in that case. I realized this while working on the 2 preceding commits, and it allows me adding a clear assertion to ::isWildcardAttributeName().

Solid remarks — even though I tried to carefully reword/rephrase existing docs, I clearly didn't do a good enough job 😔 Thanks for paying attention to the important details :)

Thanks @bnjmnm!

Even though this is RTBC, there's some failures here. But … they're all actually to be ignored 😄

1. The 74953263 failure is a random failure in AjaxBlockTest, 100% unrelated.
2. The 10.0.x failure is because it was tested with PHP 8.0 but D10 only supports 8.1. (IDK why it's still possible to run tests there 🤷‍♀️) Queued a 8.1 test run.

Unrelated random AjaxBlockTest failures in 9.3 and 10 😬

#34: implemented — great catch! Note that we can only replace the second line you quoted, the first is subtly different because it handles attribute values, not attribute names.