WordPress.org

Make WordPress Core

Opened 7 weeks ago

Closed 7 weeks ago

Last modified 7 weeks ago

#53407 closed defect (bug) (fixed)

Widgets editor: HTML entities appear in Legacy Widget's description

Reported by: ramonopoly Owned by: SergeyBiryukov
Milestone: 5.8 Priority: normal
Severity: normal Version: 5.8
Component: REST API Keywords: has-patch has-unit-tests needs-refresh
Focuses: rest-api Cc:

Description

HTML entities appear in Legacy Widget's description. For example:

A monthly archive of your site’s Posts.

How to reproduce

  1. Head over to /wp-admin/themes.php?page=gutenberg-widgets and select a widget block.
  2. Check out the description in the inspector controls.

What I expected

The widget description in the block inspector should say "A monthly archive of your site’s Posts."

That is, with no encoded entities.

This is a duplicate report of GB31023, which was fixed in the plugin for sites running WP 5.7 in GB32503

cc @TimothyBJacobs @noisysocks 

Attachments (1)

Screen Shot 2021-06-15 at 3.56.34 pm.png (36.9 KB) - added by ramonopoly 7 weeks ago.
HTML entities appear in the Legacy Widget block's description.

Download all attachments as: .zip

Change History (14)

@ramonopoly
7 weeks ago

HTML entities appear in the Legacy Widget block's description.

#1 follow-up: @spacedmonkey
7 weeks ago

Might be related to #53138

This ticket was mentioned in PR #1371 on WordPress/wordpress-develop by ramonjd.


7 weeks ago

  • Keywords has-patch added; needs-patch removed

Trac ticket: https://core.trac.wordpress.org/ticket/53407

## Description

HTML entities appear in Legacy Widget's description. For example:

A monthly archive of your site’s Posts. 😱

This commit converts widget name and description HTML entities to their corresponding characters in the REST API response using html_entity_decode.

The decoding occurs before the call to prepare_item_for_response which sanitizes the value.

### Before

<img width="324" alt="Screen Shot 2021-06-15 at 3 56 34 pm" src="https://user-images.githubusercontent.com/6458278/122031674-435f8a00-ce12-11eb-9034-66bdb2b3eadb.png">

### After
<img width="344" alt="Screen Shot 2021-06-15 at 3 57 04 pm" src="https://user-images.githubusercontent.com/6458278/122031708-48bcd480-ce12-11eb-9434-f294c1359f51.png">

## Testing

  1. Head over to /wp-admin/themes.php?page=gutenberg-widgets and select a widget block.
  2. Check out the description in the inspector controls.

#3 in reply to: ↑ 1 @ramonopoly
7 weeks ago

Replying to spacedmonkey:

Might be related to #53138

Oh, I didn't see that. Thanks for pointing it out.

#53138 looks like it targets the source strings, whereas Github #1371 will decode all titles/description for the API response.

I'm happy to close this ticket if folks prefer. Cheers!

#4 @noisysocks
7 weeks ago

  • Component changed from Widgets to REST API
  • Keywords has-unit-tests commit added
  • Milestone changed from Awaiting Review to 5.8

Thanks @ramonopoly! The fix looks good to me. I think it's a more suitable alternative to #53138 as it is permitted that HTML entities can be in the title and description.

#5 @SergeyBiryukov
7 weeks ago

#53138 was marked as a duplicate.

#6 @SergeyBiryukov
7 weeks ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 51174:

REST API: Decode HTML entities in widget names and descriptions in widget types controller.

Follow-up to [50995].

Props ramonopoly, noisysocks, spacedmonkey, justinahinon, audrasjb, SergeyBiryukov.
Fixes #53407.

#7 @SergeyBiryukov
7 weeks ago

In 51175:

Coding Standards: Fix WPCS issue in [51174].

See #53407.

#8 @ramonopoly
7 weeks ago

Coding Standards: Fix WPCS issue in [51174].

Thanks for spotting the extra spaces I'd left in there @SergeyBiryukov !

#9 @ocean90
7 weeks ago

  • Keywords needs-refresh added; commit removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Is there a reason why single-quotes should not be decoded? For consistency with similar calls we should pass ENT_QUOTES as the second argument and also set the encoding to the value of get_bloginfo( 'charset' ).

#10 @ramonopoly
7 weeks ago

Is there a reason why single-quotes should not be decoded?

Ah, this was an oversight. Good spotting, thank you @ocean90

Just to confirm, we should change it to something like:

$widget['description'] = html_entity_decode( $widget['description'], ENT_QUOTES, get_bloginfo( 'charset' ) )

#12 @SergeyBiryukov
7 weeks ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 51183:

REST API: Decode single and double quote entities in widget names and descriptions.

Follow-up to [51174], [51175].

Props ocean90, ramonopoly.
Fixes #53407.

#13 @prbot
7 weeks ago

SergeyBiryukov commented on PR #1371:

The latest commits are now also merged in https://core.trac.wordpress.org/changeset/51183.

Note: See TracTickets for help on using tickets.