Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update sanitization reporting #951

Merged
merged 5 commits into from
Feb 15, 2018
Merged

Conversation

westonruter
Copy link
Member

@westonruter westonruter commented Feb 10, 2018

Follow-up on #912 for #843.

  • Eliminate sanitization reporting during save_post action in favor of doing it inline when loading the edit post screen.
  • Make sure that AMP embeds are run prior to sanitization.

This PR could also include parts from #842 if we want.

@westonruter westonruter requested a review from kienstra February 10, 2018 04:13
@westonruter westonruter added this to the v0.7 milestone Feb 10, 2018
@westonruter westonruter force-pushed the update/sanitization-reporting branch from 0e47520 to fd56169 Compare February 10, 2018 07:02
Copy link
Contributor

@kienstra kienstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commits Approved

Hi @westonruter,
Thanks a lot for your commits here. It's nice how this gets the count of elements and attributes in track_removed(), instead of every time one is added.

I'll continue by applying the 2 checkbox points you made.

Ryan Kienstra added 3 commits February 13, 2018 13:31
Before, this was on the 'save_post' action.
But as Weston mentioned,
this could be in one place,
and this removes the need for a nonce.
Also, remove the function is_authorized().
This checked for a nonce.
Replace this with the existing has_cap().
Because 'wpautop' runs on 'the_content',
process_markup() showed errors from removing <p> tags.
For example, it created this markup:
<p><script async src=https://example.com/script></script></p>
It seemed to have removed the <p> tag,
As it contained a disallowed element.
But it's not needed to report that the <p> is removed.
So remove 'wpautop' as a callback for 'the_content.'
Gutenberg also does this, unless the post has no block.
@see gutenberg_wpautop().
Instead of wrapping the 'invalid_callback' in this,
simply exist process_markup().
If that callback isn't added,
there's no need for the rest of the function.
@westonruter
Copy link
Member Author

The fix to embeds here should prevent this from happening on #954:

image

@westonruter westonruter changed the title [WIP] Update sanitization reporting Update sanitization reporting Feb 15, 2018
@westonruter westonruter merged commit acf84e6 into develop Feb 15, 2018
@westonruter westonruter deleted the update/sanitization-reporting branch February 15, 2018 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants