This repository has been archived by the owner on Sep 11, 2024. It is now read-only.
Escape placeholder before injecting it into the style #11607
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In particular this adds escaping for backslashes which was previously missing.
Johennes
added
the
T-Defect
|
Have added some tests now. |
t3chguy
reviewed
Sep 18, 2023
| // escape single quotes | ||
| const placeholder = this.props.placeholder?.replace(/'/g, "\\'"); | ||
| this.editorRef.current?.style.setProperty("--placeholder", `'${placeholder}'`); | ||
| this.editorRef.current?.style.setProperty("--placeholder", `'${CSS.escape(this.props.placeholder ?? "")}'`); |
There was a problem hiding this comment.
https://developer.mozilla.org/en-US/docs/Web/API/CSS/escape_static says its intended for use for escaping selectors rather than values, are we sure its the right method to use here?
There was a problem hiding this comment.
Yes, that's its primary use. The docs you linked also point at the possible use for escaping general strings:
The
escape()method can also be used for escaping strings, although it escapes characters that don't strictly need to be escaped
The over-escaping didn't seem to hurt in my testing and I couldn't find anything better / easier.
I think the alternative would be to extend the custom escaping to also cover backslashes? If you think that's better, I could also try that. Just seemed more complicated and error prone at first sight.
robintown
approved these changes
Sep 19, 2023
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Sep 30, 2023
Changes in [1.11.45](https://github.com/vector-im/element-web/releases/tag/v1.11.45) (2023-09-29) ================================================================================================= ## 🐛 Bug Fixes * Fix Emoji font on Safari 17 ([\#11673](matrix-org/matrix-react-sdk#11673)). Changes in [1.11.44](https://github.com/vector-im/element-web/releases/tag/v1.11.44) (2023-09-26) ================================================================================================= ## ✨ Features * Make video & voice call buttons pin conference widget if unpinned ([\#11576](matrix-org/matrix-react-sdk#11576)). Fixes vector-im/customer-retainer#72. * OIDC: persist refresh token ([\#11249](matrix-org/matrix-react-sdk#11249)). Contributed by @kerryarchibald. * ElementR: Cross user verification ([\#11364](matrix-org/matrix-react-sdk#11364)). Fixes #25752. Contributed by @florianduros. * Default intentional mentions ([\#11602](matrix-org/matrix-react-sdk#11602)). * Notify users about denied access on ask-to-join rooms ([\#11480](matrix-org/matrix-react-sdk#11480)). Contributed by @nurjinjafar. * Allow setting knock room directory visibility ([\#11529](matrix-org/matrix-react-sdk#11529)). Contributed by @charlynguyen. ## 🐛 Bug Fixes * Revert "Fix regression around FacePile with overflow (#11527)" ([\#11634](matrix-org/matrix-react-sdk#11634)). Fixes #26209. * Escape placeholder before injecting it into the style ([\#11607](matrix-org/matrix-react-sdk#11607)). * Move ViewUser action callback to RoomView ([\#11495](matrix-org/matrix-react-sdk#11495)). Fixes #26040. * Fix room timeline search toggling behaviour edge case ([\#11605](matrix-org/matrix-react-sdk#11605)). Fixes #26105. * Avoid rendering view-message link in RoomKnocksBar unnecessarily ([\#11598](matrix-org/matrix-react-sdk#11598)). Contributed by @charlynguyen. * Use knock rooms sync to reflect the knock state ([\#11596](matrix-org/matrix-react-sdk#11596)). Fixes #26043 and #26044. Contributed by @charlynguyen. * Fix avatar in right panel not using the correct font ([\#11593](matrix-org/matrix-react-sdk#11593)). Fixes #26061. Contributed by @MidhunSureshR. * Add waits in Spotlight Cypress tests, hoping this unflakes them ([\#11590](matrix-org/matrix-react-sdk#11590)). Fixes #26053, #26140 #26139 and #26138. Contributed by @andybalaam. * Fix vertical alignment of default avatar font ([\#11582](matrix-org/matrix-react-sdk#11582)). Fixes #26081. * Fix avatars in public room & space search being flex shrunk ([\#11580](matrix-org/matrix-react-sdk#11580)). Fixes #26133. * Fix EventTile avatars being rendered with a size of 0 instead of hidden ([\#11558](matrix-org/matrix-react-sdk#11558)). Fixes #26075. Changes in [1.11.43](https://github.com/vector-im/element-web/releases/tag/v1.11.43) (2023-09-15) ================================================================================================= (No changes - bumping the version number for an element-desktop release.) Changes in [1.11.42](https://github.com/vector-im/element-web/releases/tag/v1.11.42) (2023-09-13) ================================================================================================= ## 🐛 Bug Fixes * Update Compound to fix Firefox-specific avatar regression ([\#11604](matrix-org/matrix-react-sdk#11604)). Fixes #26155. Changes in [1.11.41](https://github.com/vector-im/element-web/releases/tag/v1.11.41) (2023-09-12) ================================================================================================= ## 🦖 Deprecations * Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes #25733. ## ✨ Features * Make SVGR icons use forward ref ([\#26082](element-hq/element-web#26082)). * Add support for rendering a custom wrapper around Element ([\#25537](element-hq/element-web#25537)). Contributed by @maheichyk. * Allow creating public knock rooms ([\#11481](matrix-org/matrix-react-sdk#11481)). Contributed by @charlynguyen. * Render custom images in reactions according to MSC4027 ([\#11087](matrix-org/matrix-react-sdk#11087)). Contributed by @sumnerevans. * Introduce room knocks bar ([\#11475](matrix-org/matrix-react-sdk#11475)). Contributed by @charlynguyen. * Room header UI updates ([\#11507](matrix-org/matrix-react-sdk#11507)). Fixes #25892. * Remove green "verified" bar for encrypted events ([\#11496](matrix-org/matrix-react-sdk#11496)). * Update member count on room summary update ([\#11488](matrix-org/matrix-react-sdk#11488)). * Support for E2EE in Element Call ([\#11492](matrix-org/matrix-react-sdk#11492)). * Allow requesting to join knock rooms via spotlight ([\#11482](matrix-org/matrix-react-sdk#11482)). Contributed by @charlynguyen. * Lock out the first tab if Element is opened in a second tab. ([\#11425](matrix-org/matrix-react-sdk#11425)). Fixes #25157. * Change avatar to use Compound implementation ([\#11448](matrix-org/matrix-react-sdk#11448)). ## 🐛 Bug Fixes * Fix vertical alignment of default avatar font ([\#11582](matrix-org/matrix-react-sdk#11582)). Fixes #26081. * Fix avatars in public room & space search being flex shrunk ([\#11580](matrix-org/matrix-react-sdk#11580)). Fixes #26133. * Fix EventTile avatars being rendered with a size of 0 instead of hidden ([\#11558](matrix-org/matrix-react-sdk#11558)). Fixes #26075. * Fix compound external assets path in bundle ([\#26069](element-hq/element-web#26069)). * Use RoomStateEvent.Update for knocks ([\#11516](matrix-org/matrix-react-sdk#11516)). Contributed by @charlynguyen. * Prevent event propagation when clicking icon buttons ([\#11515](matrix-org/matrix-react-sdk#11515)). * Only display RoomKnocksBar when feature flag is enabled ([\#11513](matrix-org/matrix-react-sdk#11513)). Contributed by @andybalaam. * Fix avatars of knock members for people tab of room settings ([\#11506](matrix-org/matrix-react-sdk#11506)). Fixes #26083. Contributed by @charlynguyen. * Fixes read receipt avatar offset ([\#11483](matrix-org/matrix-react-sdk#11483)). Fixes #26067, #26064 #26059 and #26061. * Fix avatar defects ([\#11473](matrix-org/matrix-react-sdk#11473)). Fixes #26051 and #26046. * Fix consistent avatar output for Percy ([\#11472](matrix-org/matrix-react-sdk#11472)). Fixes #26049 and #26052. * Fix colour of avatar and colour matching with username ([\#11470](matrix-org/matrix-react-sdk#11470)). Fixes #26042. * Fix incompatibility of Soft Logout with Element-R ([\#11468](matrix-org/matrix-react-sdk#11468)). * Fix instances of double translation and guard translation calls using typescript ([\#11443](matrix-org/matrix-react-sdk#11443)).
estellecomment
added a commit
to tchapgouv/tchap-web-v4
that referenced
this pull request
Oct 9, 2023
…xed, not tried running yet * Make video & voice call buttons pin conference widget if unpinned ([\#11576](matrix-org/matrix-react-sdk#11576)). Fixes vector-im/customer-retainer#72. * OIDC: persist refresh token ([\#11249](matrix-org/matrix-react-sdk#11249)). Contributed by @kerryarchibald. * ElementR: Cross user verification ([\#11364](matrix-org/matrix-react-sdk#11364)). Fixes #25752. Contributed by @florianduros. * Default intentional mentions ([\#11602](matrix-org/matrix-react-sdk#11602)). * Notify users about denied access on ask-to-join rooms ([\#11480](matrix-org/matrix-react-sdk#11480)). Contributed by @nurjinjafar. * Allow setting knock room directory visibility ([\#11529](matrix-org/matrix-react-sdk#11529)). Contributed by @charlynguyen. * Revert "Fix regression around FacePile with overflow (#11527)" ([\#11634](matrix-org/matrix-react-sdk#11634)). Fixes #26209. * Escape placeholder before injecting it into the style ([\#11607](matrix-org/matrix-react-sdk#11607)). * Move ViewUser action callback to RoomView ([\#11495](matrix-org/matrix-react-sdk#11495)). Fixes #26040. * Fix room timeline search toggling behaviour edge case ([\#11605](matrix-org/matrix-react-sdk#11605)). Fixes #26105. * Avoid rendering view-message link in RoomKnocksBar unnecessarily ([\#11598](matrix-org/matrix-react-sdk#11598)). Contributed by @charlynguyen. * Use knock rooms sync to reflect the knock state ([\#11596](matrix-org/matrix-react-sdk#11596)). Fixes #26043 and #26044. Contributed by @charlynguyen. * Fix avatar in right panel not using the correct font ([\#11593](matrix-org/matrix-react-sdk#11593)). Fixes #26061. Contributed by @MidhunSureshR. * Add waits in Spotlight Cypress tests, hoping this unflakes them ([\#11590](matrix-org/matrix-react-sdk#11590)). Fixes #26053, #26140 #26139 and #26138. Contributed by @andybalaam. * Fix vertical alignment of default avatar font ([\#11582](matrix-org/matrix-react-sdk#11582)). Fixes #26081. * Fix avatars in public room & space search being flex shrunk ([\#11580](matrix-org/matrix-react-sdk#11580)). Fixes #26133. * Fix EventTile avatars being rendered with a size of 0 instead of hidden ([\#11558](matrix-org/matrix-react-sdk#11558)). Fixes #26075.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In particular this adds escaping for backslashes which was previously missing.
Here's what your changelog entry will look like:
🐛 Bug Fixes