Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Highlight insecure element and scroll to it #73

Merged
merged 33 commits into from
Mar 1, 2023
Merged

Highlight insecure element and scroll to it #73

merged 33 commits into from
Mar 1, 2023

Conversation

cadic
Copy link
Contributor

@cadic cadic commented May 24, 2022
edited
Loading

Description of the Change

Adds "View element" button, which scrolls editor to the element with insecure content. The element is highlighted with the red outline.

Works both in Classic and Block editor.

The outline is cleared before every new content check, post save or preview.

Closes #9

Verification Process

  1. Create new post
  2. Add some content and put insecure element/block at the end of the content (outside of the first screen)
  3. Try to save the post, the insecure warning should appear
  4. Click on "View element" link/button (depends on the Block or Classic editor you use)
  5. The page expected to scroll to the element/block and add a red outline to it
highlight-scroll.mp4

Possible Drawbacks

The original tracking design doesn't allow to identify exact element/block which refers to insecure content. We only have list of URLs, which is used in this PR to find elements in the editor.

If the content have multiple elements with the same URL, multiple items with this URL will be added to the warning block. But any "View element" link from the identical URLs will only scroll/highlight the first element.

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests passed.

Changelog Entry

Added - "View element" link to highlight and auto-scroll to the insecure element
Fixed - Dependencies of JavaScript assets

Credits

Props @cadic, @psorensen, @adamsilverstein, @dkotter

@cadic cadic self-assigned this May 24, 2022
@jeffpaul jeffpaul added this to the 1.1.0 milestone May 24, 2022
@cadic cadic changed the title Feature/highlight Highlight insecure element and scroll to it May 25, 2022
@cadic cadic requested review from a team, peterwilsoncc and jeffpaul and removed request for a team May 25, 2022 09:40
@cadic cadic marked this pull request as ready for review May 25, 2022 09:40
peterwilsoncc
peterwilsoncc reviewed May 25, 2022
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While testing, I notice the insecure element only has the border added if the "scroll to element" button is clicked. Is this intentional?

red-borders

(Gif only shows block editor but the same happens in the classic editor)

🔢 Is used to indicate the comment applies elsewhere in the PR.

src/js/gutenberg.js Outdated
@@ -1,6 +1,10 @@
import { debounce } from 'underscore';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are a few items in use in this file that are not listed in the dependencies (jQuery, apiRequest, domReady). Some of these are legacy issues but it would be good to add them to ensure this update doesn't end up changing the order in which files are included.

insecure-content-warning/includes/assets.php

Lines 34 to 40 in 42a8fbf

wp_enqueue_script(
'insecure-content-gutenberg',
INSECURE_CONTENT_URL . 'dist/js/gutenberg.js',
array( 'wp-components', 'wp-data', 'wp-dom', 'wp-editor', 'wp-element', 'wp-edit-post', 'wp-i18n', 'wp-plugins' ),
INSECURE_CONTENT_VERSION,
true
);

🔢 To avoid a duplicate comment, are you able to review both JS files dependencies?

insecure-content-warning/includes/assets.php

Lines 60 to 66 in 42a8fbf

wp_enqueue_script(
'insecure-content-admin',
INSECURE_CONTENT_URL . 'dist/js/classic-editor.js',
array( 'wp-i18n' ),
INSECURE_CONTENT_VERSION,
true
);

@cadic
Copy link
Contributor Author

cadic commented May 26, 2022

While testing, I notice the insecure element only has the border added if the "scroll to element" button is clicked. Is this intentional?

From the original issue report and discussion, the highlight expected to happen on an explicit action. Thanks to your demo, it looks like we should avoid highlighting multiple items at a time, I will add "blur all" action before highlighting new element.

@cadic cadic marked this pull request as draft May 26, 2022 10:12
@cadic
Copy link
Contributor Author

cadic commented May 26, 2022

Added a note about multiple elements with the same URL to PR description

@jeffpaul jeffpaul requested a review from peterwilsoncc May 26, 2022 18:40
@peterwilsoncc
Copy link
Contributor

The changes are working as expected, only one image is highlighted at a time.

I did notice in the block editor that the code will no longer scroll to an element if the post is unsaved. Again a gif to demonstrate:

The steps I am taking are:

  1. Create a post
  2. Add some content, insecure images
  3. Click publish, warning show
  4. Click view element -- scrolling fails
  5. Click save draft
  6. Click view element -- scrolling fails
  7. Go to post list view
  8. Reopen post
  9. Click publish
  10. Click view element -- scrolling succeeds

unsaved-post

I am on leave next week so you'll need to reassign this issue for review.

@cadic cadic requested a review from peterwilsoncc November 8, 2022 11:39
@cadic cadic marked this pull request as ready for review November 8, 2022 14:41
peterwilsoncc
peterwilsoncc reviewed Nov 9, 2022
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is now working as expected, are you able to take a look at this earlier comment about dependencies to ensure all required files are listed for the JS files?

https://github.com/10up/insecure-content-warning/pull/73/files#r882190332

@cadic
Copy link
Contributor Author

cadic commented Dec 16, 2022

@peterwilsoncc I've added Webpack Dependency Extractor Plugin to handle with dependencies

@cadic cadic requested a review from peterwilsoncc December 16, 2022 07:07
peterwilsoncc
peterwilsoncc requested changes Dec 19, 2022
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry Max, one final thing due to the dependency extractor not including underscore.

@cadic cadic requested a review from peterwilsoncc January 6, 2023 17:52
peterwilsoncc
peterwilsoncc previously approved these changes Jan 8, 2023
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Max, I checked the built assets and they now include underscore.

The eslint and dependency failures look to be coming from elsewhere so I don't think they need to block merge.

@jeffpaul
Copy link
Member

jeffpaul commented Jan 9, 2023

@dkotter will leave it up to you if you want to merge this in ahead of the 1.0.3 release or not

@cadic cadic requested a review from a team as a code owner February 19, 2023 19:57
peterwilsoncc
peterwilsoncc approved these changes Mar 1, 2023
View reviewed changes
Copy link
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still happy with this.

For some reason the eslint and cypress jobs have started failing since I last looked at this repo. I did a quick test in another branch and it seems unrelated to this PR.

@jeffpaul jeffpaul merged commit 85ccd6b into develop Mar 1, 2023
@jeffpaul jeffpaul deleted the feature/highlight branch March 1, 2023 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterwilsoncc peterwilsoncc peterwilsoncc approved these changes

Assignees

@cadic cadic

Labels
None yet
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.

Visually highlight insecure assets in the editor
4 participants
@cadic @peterwilsoncc @jeffpaul @dkotter