fix: Markup is visible in checkout error notices

[wavvves]

This PR fixes the displaying of unrendered HTML within our checkout notices.

Fixes #6628

Accessibility

• I've tested using only a keyboard (no mouse)
• I've tested using a screen reader
• All animations respect prefers-reduced-motion
• All text has at least a 4.5 color contrast with its background

Other Checks

• This PR adds/removes a feature flag & I've updated this doc.
• This PR adds/removes an experimental interfaces and I've updated this doc.
• I tagged two reviewers because this PR makes queries to the database or I think it might have some security impact.

Screenshots

Before:

After:

Testing

Automated Tests

• Changes in this PR are covered by Automated Tests.
  • Unit tests
  • E2E tests

User Facing Testing

1. Add items to the cart and go to the Checkout block.
2. Open https://github.com/woocommerce/woocommerce-blocks/blob/029b379138906872dec3ed920fcb23d24404a3f2/src/StoreApi/Schemas/V1/CheckoutSchema.php#L26-L25 in your editor, introduce a syntax error.
3. Try to check out.
4. See the notice with rendered HTML. Special note to the link displaying properly.

• Do not include in the Testing Notes

WooCommerce Visibility

• WooCommerce Core
• Feature plugin
• Experimental

Performance Impact

Changelog

Enabled HTML rendering within notices for checkout.

[github-actions]

The release ZIP for this PR is accessible via:

https://wcblocks.wpcomstaging.com/wp-content/uploads/woocommerce-gutenberg-products-block-6800.zip

[github-actions]

Size Change: +121 B (0%)

Total Size: 874 kB

Filename	Size	Change
build/cart-frontend.js	47.1 kB	+13 B (0%)
build/cart.js	41.8 kB	+15 B (0%)
build/checkout-frontend.js	49.3 kB	+20 B (0%)
build/checkout.js	43.2 kB	+14 B (0%)
build/wc-blocks-style-rtl.css	23.8 kB	+31 B (0%)
build/wc-blocks-style.css	23.7 kB	+28 B (0%)

ℹ️ View Unchanged

Filename	Size
build/active-filters-frontend.js	7.62 kB
build/active-filters.js	8.27 kB
build/all-products-frontend.js	18.1 kB
build/all-products.js	33.9 kB
build/all-reviews.js	7.79 kB
build/attribute-filter-frontend.js	22.3 kB
build/attribute-filter.js	13.3 kB
build/blocks-checkout.js	17.4 kB
build/cart-blocks/cart-accepted-payment-methods-frontend.js	1.16 kB
build/cart-blocks/cart-express-payment-frontend.js	5.08 kB
build/cart-blocks/cart-items-frontend.js	299 B
build/cart-blocks/cart-line-items--mini-cart-contents-block/products-table-frontend.js	5.25 kB
build/cart-blocks/cart-line-items-frontend.js	429 B
build/cart-blocks/cart-order-summary-frontend.js	1.11 kB
build/cart-blocks/cart-totals-frontend.js	322 B
build/cart-blocks/empty-cart-frontend.js	346 B
build/cart-blocks/filled-cart-frontend.js	783 B
build/cart-blocks/order-summary-coupon-form-frontend.js	2.64 kB
build/cart-blocks/order-summary-discount-frontend.js	2.15 kB
build/cart-blocks/order-summary-fee-frontend.js	274 B
build/cart-blocks/order-summary-heading-frontend.js	454 B
build/cart-blocks/order-summary-shipping--checkout-blocks/order-summary-shipping-frontend.js	6.37 kB
build/cart-blocks/order-summary-shipping-frontend.js	428 B
build/cart-blocks/order-summary-subtotal-frontend.js	274 B
build/cart-blocks/order-summary-taxes-frontend.js	435 B
build/cart-blocks/proceed-to-checkout-frontend.js	1.15 kB
build/checkout-blocks/actions-frontend.js	1.42 kB
build/checkout-blocks/billing-address--checkout-blocks/shipping-address-frontend.js	4.12 kB
build/checkout-blocks/billing-address-frontend.js	888 B
build/checkout-blocks/contact-information-frontend.js	2.84 kB
build/checkout-blocks/express-payment-frontend.js	5.38 kB
build/checkout-blocks/fields-frontend.js	344 B
build/checkout-blocks/order-note-frontend.js	1.08 kB
build/checkout-blocks/order-summary-cart-items-frontend.js	3.64 kB
build/checkout-blocks/order-summary-coupon-form-frontend.js	2.79 kB
build/checkout-blocks/order-summary-discount-frontend.js	2.27 kB
build/checkout-blocks/order-summary-fee-frontend.js	276 B
build/checkout-blocks/order-summary-frontend.js	1.11 kB
build/checkout-blocks/order-summary-shipping-frontend.js	602 B
build/checkout-blocks/order-summary-subtotal-frontend.js	274 B
build/checkout-blocks/order-summary-taxes-frontend.js	434 B
build/checkout-blocks/payment-frontend.js	7.69 kB
build/checkout-blocks/shipping-address-frontend.js	1.03 kB
build/checkout-blocks/shipping-methods-frontend.js	4.74 kB
build/checkout-blocks/terms-frontend.js	1.23 kB
build/checkout-blocks/totals-frontend.js	326 B
build/featured-category.js	13.2 kB
build/featured-product.js	13.4 kB
build/general-style-rtl.css	1.29 kB
build/general-style.css	1.29 kB
build/handpicked-products.js	7.29 kB
build/legacy-template.js	2.84 kB
build/mini-cart-component-frontend.js	16.8 kB
build/mini-cart-contents-block/empty-cart-frontend.js	366 B
build/mini-cart-contents-block/filled-cart-frontend.js	230 B
build/mini-cart-contents-block/footer--mini-cart-contents-block/products-table-frontend.js	4.69 kB
build/mini-cart-contents-block/footer-frontend.js	6.98 kB
build/mini-cart-contents-block/items-frontend.js	237 B
build/mini-cart-contents-block/products-table-frontend.js	290 B
build/mini-cart-contents-block/shopping-button-frontend.js	288 B
build/mini-cart-contents-block/title-frontend.js	368 B
build/mini-cart-contents.js	22.9 kB
build/mini-cart-frontend.js	1.72 kB
build/mini-cart.js	4.56 kB
build/price-filter-frontend.js	13.4 kB
build/price-filter.js	9.34 kB
build/price-format.js	1.19 kB
build/product-add-to-cart--product-button--product-category-list--product-image--product-price--product-r--a0326d00.js	223 B
build/product-add-to-cart--product-button--product-image--product-title.js	2.66 kB
build/product-add-to-cart-frontend.js	6.95 kB
build/product-add-to-cart.js	6.88 kB
build/product-best-sellers.js	7.62 kB
build/product-button--product-category-list--product-image--product-price--product-rating--product-sale-b--e17c7c01.js	435 B
build/product-button--product-image--product-rating--product-sale-badge--product-title.js	300 B
build/product-button-frontend.js	1.87 kB
build/product-button.js	1.57 kB
build/product-categories.js	2.36 kB
build/product-category-list-frontend.js	883 B
build/product-category-list.js	502 B
build/product-category.js	8.61 kB
build/product-image-frontend.js	1.88 kB
build/product-image.js	1.59 kB
build/product-new.js	7.62 kB
build/product-on-sale.js	7.94 kB
build/product-price-frontend.js	1.9 kB
build/product-price.js	1.51 kB
build/product-query.js	648 B
build/product-rating-frontend.js	1.17 kB
build/product-rating.js	739 B
build/product-sale-badge-frontend.js	1.13 kB
build/product-sale-badge.js	801 B
build/product-search.js	2.62 kB
build/product-sku-frontend.js	380 B
build/product-sku.js	379 B
build/product-stock-indicator-frontend.js	996 B
build/product-stock-indicator.js	623 B
build/product-summary-frontend.js	1.29 kB
build/product-summary.js	920 B
build/product-tag-list-frontend.js	876 B
build/product-tag-list.js	497 B
build/product-tag.js	8 kB
build/product-title-frontend.js	1.31 kB
build/product-title.js	921 B
build/product-top-rated.js	7.86 kB
build/products-by-attribute.js	8.53 kB
build/reviews-by-category.js	11.2 kB
build/reviews-by-product.js	12.3 kB
build/reviews-frontend.js	7.02 kB
build/single-product-frontend.js	21.4 kB
build/single-product.js	10 kB
build/stock-filter-frontend.js	7.62 kB
build/stock-filter.js	7.52 kB
build/vendors--cart-blocks/cart-line-items--cart-blocks/cart-order-summary--cart-blocks/order-summary-shi--c02aad66-frontend.js	5.26 kB
build/vendors--cart-blocks/cart-line-items--checkout-blocks/order-summary-cart-items--mini-cart-contents---233ab542-frontend.js	3.14 kB
build/vendors--cart-blocks/order-summary-shipping--checkout-blocks/billing-address--checkout-blocks/order--5b8feb0b-frontend.js	4.85 kB
build/vendors--cart-blocks/order-summary-shipping--checkout-blocks/billing-address--checkout-blocks/order--decc3dc6-frontend.js	19.1 kB
build/vendors--mini-cart-contents-block/footer-frontend.js	6.86 kB
build/vendors--product-add-to-cart-frontend.js	7.53 kB
build/wc-blocks-data.js	9.87 kB
build/wc-blocks-editor-style-rtl.css	5.11 kB
build/wc-blocks-editor-style.css	5.11 kB
build/wc-blocks-google-analytics.js	1.56 kB
build/wc-blocks-middleware.js	931 B
build/wc-blocks-registry.js	2.7 kB
build/wc-blocks-shared-context.js	1.53 kB
build/wc-blocks-shared-hocs.js	1.71 kB
build/wc-blocks-vendors-style-rtl.css	1.95 kB
build/wc-blocks-vendors-style.css	1.95 kB
build/wc-blocks-vendors.js	54.5 kB
build/wc-blocks.js	2.63 kB
build/wc-payment-method-bacs.js	816 B
build/wc-payment-method-cheque.js	811 B
build/wc-payment-method-cod.js	909 B
build/wc-payment-method-paypal.js	837 B
build/wc-settings.js	2.6 kB

_{compressed-size-action}

[wavvves]

Hi @opr, do you mind giving me a hand here? I had a look online about using @wordpress/element to properly render HTML inside notices, but I'm still seeing [object Object]. Am I missing any step?

[opr]

Hi @opr, do you mind giving me a hand here? I had a look online about using @wordpress/element to properly render HTML inside notices, but I'm still seeing [object Object]. Am I missing any step?

What exactly are you doing to get this? Can you share some code? What is inside the object?

[wavvves]

What exactly are you doing to get this? Can you share some code? What is inside the object?

This is the change I did, and I was taking this as a clue for fixing this.

This is what the object contains (print because copying the object is just too plain):

[wavvves]

I don't know if something changed in the meantime, but those links I referred might be outdated. Looking at createErrorNotice() definition we see it's just a wrapper for createNotice(). Also by method signature, string is the only param type truly acceptable. Not sure how we can go further with this without changing external stuff 🤔

/**
 * Returns an action object used in signalling that an error notice is to be
 * created. Refer to `createNotice` for options documentation.
 *
 * @see createNotice
 *
 * @param {string} content   Notice message.
 * @param {Object} [options] Optional notice options.
 *
 * @return {Object} Action object.
 */
export function createErrorNotice( content, options ) {
	return createNotice( 'error', content, options );
}

[opr]

createNotice is an action on the core/notices data store. Maybe we could check how the StoreNoticesContainer component reads and displays those notices. We might be able to render HTML by changing something there?

[wavvves]

createNotice is an action on the core/notices data store. Maybe we could check how the StoreNoticesContainer component reads and displays those notices. We might be able to render HTML by changing something there?

Without changing Notice? Plus it reuses it for spokenMessage attr 🤔

These are the props being passed for Notice. And it explicitly uses createElement(Text, ..., content)

{
    "id": "checkout",
    "status": "error",
    "content": "<p>There has been a critical error on this website.</p><p><a href=\"https://wordpress.org/support/article/faq-troubleshooting/\">Learn more about troubleshooting WordPress.</a></p>",
    "spokenMessage": "<p>There has been a critical error on this website.</p><p><a href=\"https://wordpress.org/support/article/faq-troubleshooting/\">Learn more about troubleshooting WordPress.</a></p>",
    "isDismissible": true,
    "actions": [],
    "type": "default",
    "icon": null,
    "explicitDismiss": false
}

[wavvves]

@opr have a look now, please. As I was about to reach Gutenberg for help I noticed the undocumented __unstableHTML option, and setting that to true did what we wanted. You can have a look at the source for createNotice() here (the other methods are wrappers for that). 🤞🏼

[opr]

Thanks @wavvves it's working for me now, the link works.

I see the second paragraph in this notice has some bottom-margin which makes the notice look weird. I'm not sure how we can solve that for every use case, we can remove the margin on the last p element, but what if another notice has a different element with margin on.

Moreover, I'm not really confident we should be using __unstableHTML solve this. That API is unstable and could change without notice, do you feel OK with using it?

[wavvves]

I see the second paragraph in this notice has some bottom-margin which makes the notice look weird. I'm not sure how we can solve that for every use case, we can remove the margin on the last p element, but what if another notice has a different element with margin on.

Since the notices wrapper has padding set, I would say we should remove margin-top for the *:first-child, and margin-bottom on the *:last-child (notice the wrapping div container). When the content is plain text this won't have any effect. Even if it did it would probably be ok, we only need to ensure we won't mess with the action button.

What do you think?

Moreover, I'm not really confident we should be using __unstableHTML to solve this. That API is unstable and could change without notice, do you feel OK with using it?

It's not using it that bothers me, but the fact that it exists 😅.
Since we are using a fixed version for it ("@wordpress/notices": "3.12.0") and this is for 4xx/5xx where errors are predictable we should be relatively safe using this.
If someone could modify the server response to hijack a checkout page, then not using this won't prevent that.

[opr]

Since the notices wrapper has padding set, I would say we should remove margin-top for the *:first-child, and margin-bottom on the *:last-child (notice the wrapping div container). When the content is plain text this won't have any effect. Even if it did it would probably be ok, we only need to ensure we won't mess with the action button.

Yes, I think this is fine! Please would you implement it?

Since we are using a fixed version for it ("@wordpress/notices": "3.12.0") and this is for 4xx/5xx where errors are predictable we should be relatively safe using this.

OK, thank you, I think your solution is fine then 😄

[alexflorisca]

Looks good, nice one @wavvves , 🚢 it

[wavvves]

Looks good, nice one @wavvves , 🚢 it

Thanks @alexflorisca 😎
I think there's still a failing test caused by this (maybe just needs to be updated)

[tarunvijwani]

Thanks @alexflorisca 😎 I think there's still a failing test caused by this (maybe just needs to be updated)

May I know which test is failing for you? It is working for me.

[alexflorisca]

I think there's still a failing test caused by this (maybe just needs to be updated)

The unit tests all pass in CI so I think we're good there. The e2e tests I assume are down to flakiness but that might be a bad habit I got into!

[wavvves]

May I know which test is failing for you? It is working for me.

@tarunvijwani @alexflorisca It's this one that seems related to this. The Gutenberg ones are the flaky stuff, and there seems to be another (expecting /checkout and got /checkout-block) that I would put down my money got introduced because it slipped under the radar due to the flaky ones, right?

[wavvves]

May I know which test is failing for you? It is working for me.

@tarunvijwani @alexflorisca It's this one that seems related to this. The Gutenberg ones are the flaky stuff, and there seems to be another (expecting /checkout and got /checkout-block) that I would put down my money got introduced because it slipped under the radar due to the flaky ones, right?

Forget about that, I thought it was a notice, so unrelated. Still, the non-Gutenberg failing tests seem fixable. (that one expecting "Your cart is empty!" whereas the text seems to be "Your cart is currently empty!". I'll try a quick fix for that on this branch.)

PS- It seems to have fixed that particular test. I think I'm merging this now and will leave any additional E2E investigation to the proper issue. I merging this :)

[sunyatasattva]

Excluding from testing notes as discussed here: p1664204890072169-slack-C02UBB1EPEF