[Admin] Do not allow HTML tags for the Product Attribute labels on save#27371
Conversation
magento-engcom-team
added
Area: Frontend
Component: Catalog
Component: Eav
Release Line: 2.4
Partner: Atwix
eduard13
left a comment
eduard13
left a comment
There was a problem hiding this comment.
Hi @vasilii-b, thank you for your contribution, could you please cover the following improvement by an MFTF test and fix the failing Static Tests?
Thank you.
|
Hi @eduard13, |
eduard13
left a comment
eduard13
left a comment
There was a problem hiding this comment.
Hi @vasilii-b, thank you for the MFTF coverage, please check the bellow comments. Feel free to reach me if any questions arise.
Thank you.
|
|
||
| <actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd"> | ||
| <actionGroup name="SaveProductAttributeWithHtmlTagsInLabelActionGroup"> |
There was a problem hiding this comment.
Could you please split this Action group into 2 separated ones, trying to make Action Groups a much atomic as possible?
AdminSaveProductAttributeActionGroup- so it may be used later in other validation scopesAssertSeeProductAttributeValidationErrorActionGroup- will validate the presence of the error.
Please check the Best Practices.
| <actionGroup ref="AdminOpenProductAttributePageActionGroup" stepKey="openProductAttributePage"/> | ||
| <click selector="{{AdminProductAttributeGridSection.createNewAttributeBtn}}" stepKey="createNewAttribute"/> |
There was a problem hiding this comment.
I suggest replacing these steps by a separate ActionGroup, that will navigate to NewProductAttributePage.
AdminNavigateToNewProductAttributePageActionGroup, using this page URL ProductAttributePage.
| <element name="visibleOnCatalogPagesOnStorefront" type="select" selector="#is_visible_on_front"/> | ||
| </section> | ||
| <section name="ManageLabelsSection"> | ||
| <element name="PageTitle" type="text" selector="//span[text()='Manage Titles (Size, Color, etc.)']" /> |
There was a problem hiding this comment.
I think this element is unnecessary as far as we don't use it.
| <element name="StorefrontPropertiesSectionToggle" type="button" selector="#front_fieldset-wrapper"/> | ||
| <element name="visibleOnCatalogPagesOnStorefront" type="select" selector="#is_visible_on_front"/> | ||
| </section> | ||
| <section name="ManageLabelsSection"> |
There was a problem hiding this comment.
Could you please create a separate Section file, and include it in ProductAttributePage page?
| </annotations> | ||
| <before> | ||
| <!-- Login as admin --> | ||
| <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/> |
There was a problem hiding this comment.
LoginAsAdmin is deprecated, please use AdminLoginActionGroup instead.
| <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/> | ||
| </after> | ||
|
|
||
| <!-- Go to Stores > Attributes > Product , click "Add New Attribute" --> |
There was a problem hiding this comment.
The comments are unnecessary, as the stepKeys should be self explanatory.
…o admin-area-product-attribute-can-save-with-html-tags-in-labels
|
Thank you very much for the feedback and the suggestions, @eduard13! |
|
@magento give me test instance |
|
Hi @eduard13. Thank you for your request. I'm working on Magento instance for you |
|
Hi @eduard13, here is your new Magento instance. |
…o admin-area-product-attribute-can-save-with-html-tags-in-labels
|
@magento run all tests |
1 similar comment
|
@magento run all tests |
|
Failed tests not related to the changes in this PR |
slavvka
left a comment
slavvka
left a comment
There was a problem hiding this comment.
Please resolve the conflict before proceeding with it
ghost
dismissed
eduard13’s stale review
Pull Request state was updated. Re-review required.
…ibute-can-save-with-html-tags-in-labels # Conflicts # app/code/Magento/Catalog/Test/Mftf/Section/AdminCreateProductAttributeSection.xml
|
Hi @eduard13, thank you for the review. |
|
@magento run Functional Tests CE, Functional Tests EE, Functional Tests B2B |
ghost
added
Progress: testing in progress
Progress: accept
and removed
Progress: ready for testing
Progress: testing in progress
labels
|
Hi @slavvka, thank you for the review. |
|
Hi @vasilii-b, thank you for your contribution! |
vasilii-b
deleted the
admin-area-product-attribute-can-save-with-html-tags-in-labels
branch
6 participants
Description (*)
This PR adds changes to prevent the store owner to create product attributes which labels contain HTML tags.
HTML tags can be added to the following fields:
ℹ️ It doesn't make sense to allow HTML tags since those are escaped at the view level.
E.g.
magento2/app/code/Magento/LayeredNavigation/view/frontend/templates/layer/view.phtml
Line 37 in ac3eb00
Desired result
At the moment the store owner tries to save the attribute, the labels validation must happen and error messages shown to the user that HTML tags are not allowed.
Related Pull Requests
N/A
Fixed Issues (if relevant)
N/A
Manual testing scenarios (*)
Without the fix
<span>With the fix
<span>Questions or comments
MFTF tests are on the way
Contribution checklist (*)