Raise validation errors for properties in attributes#4137
Raise validation errors for properties in attributes#4137westonruter merged 27 commits intodevelopfrom
Conversation
| $validation_error['attr_property_name'] = $error_data['property']; | ||
| } elseif ( self::MISSING_REQUIRED_PROPERTY_VALUE === $error_code ) { | ||
| $validation_error['attr_property_name'] = $error_data['property']; | ||
| $validation_error['attr_property_value'] = $error_data['value']; |
There was a problem hiding this comment.
Instead of attr_property_* what about just property_*? I don't feel strongly about this. If you have a reason for the attr_ prefix I'm happy with that.
There was a problem hiding this comment.
I chose to prefix attr_ because property_name and property_value were already in use in the style sanitizer. I suppose renaming those instances to css_property_* can be done to resolve any ambiguity.
There was a problem hiding this comment.
Renamed property_* to css_property_* and attr_property_* to property_* in 73d04ff.
|
While reviewing the
Note the space prepended to the value The plugin does not show this validation error because the property value is trimmed before comparison to the required value. This can be solved in two ways:
Thoughts @westonruter? |
|
The meta viewport in question in postmag is: <meta name = "viewport" content = "width = device-width, initial-scale = 1.0" >I can see this is indeed a problem for the AMP Validator:
Nevertheless, both Chrome and Firefox seem to read the Therefore, perhaps the right solution now is to “save the trimmed value to the attribute to resolve the error”. I'll open an issue on the AMP project to see if this is a bug. If so, the saved-trimming could then be removed. (See ampproject/amphtml#26496.) |
| return __( 'Type', 'amp' ); | ||
| case 'sources': | ||
| return __( 'Sources', 'amp' ); | ||
| case 'property_name': |
There was a problem hiding this comment.
Should this be renamed to meta_property_name then?
There was a problem hiding this comment.
Alternatively, the $validation_error['code'] can be used to differentiate which property type is in view here. And that could avoid the need to use css_property_name. Thoughts?
There was a problem hiding this comment.
Personally, I prefer renaming it to meta_property_name to be more descriptive.
|
|
||
| // @todo The invalid/missing properties should raise validation errors. See <https://github.com/ampproject/amp-wp/pull/3758/files#r348074703>. | ||
| foreach ( $viewport_settings as $index => $viewport_setting ) { | ||
| list( $property, $value ) = array_map( 'trim', explode( '=', $viewport_setting ) ); |
There was a problem hiding this comment.
A missing change is to put the trimmed $property and $value into the $viewport_settings, correct? This would then address #4137 (comment)
There was a problem hiding this comment.
I made the change to AMP_Tag_And_Attribute_Sanitizer in c4a5581 before seeing this. It definitely would be suited for AMP_Meta_Sanitizer.
|
Ready for re-review? |
|
Yep! |
…nt/4070-validate-props * 'develop' of github.com:ampproject/amp-wp: (108 commits) Update dependency semver to v7.1.2 (#4206) Update dependency @babel/core to v7.8.4 (#4199) Prevent errors in admin bar filters from non-array arguments (#4207) Discontinue preserving original style[amp-custom] Update dependency terser-webpack-plugin to v2.3.4 (#4189) Update dependency @babel/cli to v7.8.4 (#4198) Update dependency browserslist to v4.8.6 (#4196) Update dependency dealerdirect/phpcodesniffer-composer-installer to v0.6.2 (#4186) Split Reader mode style template part stylesheet from action-supplied styles Remove needless $xmlns_value_to_strip variable Fix PHPCS error Commit Weston's suggestion to use documentElement Use $html->hasAttributes to possibly exit early. If the html[lang] is "", overwrite it with the xml:lang Conditionally remove html[xmlns], and convert html[xml:lang] to html[lang] If head[profile=], strip profile, but don't create a new link Revert 7f60c5c (If there's already a link[rel=profile], don't create another Fix phpcs issues in failed Travis build If there's already a link[rel=profile], don't create another Convert head[profile] attribute to a link[rel=profile] ...
There was a problem hiding this comment.
@pierlon I'm seeing some discrepancies with what you indicate is expected.
Invalid properties (❓)
I'm seeing:
Sanitized as:
-<meta name="viewport" content="foo=, widh=device-width, initial-scale=1, user-scalabe=no,">
+<meta name="viewport" content="width=device-width,initial-scale=1">Nevertheless if I try:
<meta name="viewport" content="foo=, width=BAD, initial-scale=1, user-scalabe=no,">There is no validation error for width=BAD:
Missing mandatory properties (❌)
I see no validation errors reported. Why?
Sanitized as:
-<meta name="viewport" content="initial-scale=1, user-scalable=no,">
+<meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no">Are validation errors actually even expected here? The AMP_Meta_Sanitizer ensures that a width property is supplied.
Missing required property values (✅)
This is matching the above screenshot.
Sanitized as:
-<meta http-equiv="X-UA-Compatible" content="IE=9,chrome=1">
+null
Invalid properties
In that case Missing mandatory properties
I forgot to mentioned I had disabled Edit: I've updated the description with a note explaining how the the error can be replicated. |
|
There's one more thing that isn't expected, and that is if an invalid property value is provided for viewport <meta name="viewport" content="width=600, initial-scale=1.0" >Then this gets sanitized as: <meta name="viewport" content="width=device-width,initial-scale=1.0">And no validation error is raised. This is is an issue with the |
|
I'm not sure what the best resolution is for this. If the amp-wp/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php Lines 807 to 817 in 19d54bd Which isn't great, but I can't think of a better solution. |
|
Would there be a case where a user would want to use a specific width? The page can't be AMP compatible unless it being set to |
|
I noticed that the source is not filled in my case. I edited the
|
Co-Authored-By: Alain Schlesser <alain.schlesser@gmail.com>
…alidate-props # Conflicts: # includes/validation/class-amp-validation-error-taxonomy.php
@schlessera This would be expected. If markup is not generated by a hook callback then no source information would be available. In the past the source stack info would show the theme as a fallback, followed by "(?)". That wasn't very helpful either, and it wasn't reliable as I recall. |
That was my understanding as well, thanks for clarifying. |
Use array_map() instead of array_reduce()
…ag and attribute sanitizer
| return; | ||
| } | ||
|
|
||
| // Ensure we have the 'width=device-width' setting included. | ||
| /** | ||
| * Viewport tag. | ||
| * | ||
| * @var DOMElement $viewport_tag | ||
| */ | ||
| $viewport_tag = $this->meta_tags[ self::TAG_VIEWPORT ][0]; | ||
| $viewport_content = $viewport_tag->getAttribute( 'content' ); | ||
| $viewport_settings = array_map( 'trim', explode( ',', $viewport_content ) ); | ||
| $width_found = false; | ||
|
|
||
| // @todo The invalid/missing properties should raise validation errors. See <https://github.com/ampproject/amp-wp/pull/3758/files#r348074703>. | ||
| foreach ( $viewport_settings as $index => $viewport_setting ) { | ||
| list( $property, $value ) = array_map( 'trim', explode( '=', $viewport_setting ) ); | ||
| if ( 'width' === $property ) { | ||
| if ( 'device-width' !== $value ) { | ||
| $viewport_settings[ $index ] = 'width=device-width'; | ||
| } | ||
| $width_found = true; | ||
| break; | ||
| } | ||
| } | ||
|
|
||
| if ( ! $width_found ) { | ||
| array_unshift( $viewport_settings, 'width=device-width' ); | ||
| } | ||
|
|
||
| $viewport_tag->setAttribute( 'content', implode( ',', $viewport_settings ) ); |
There was a problem hiding this comment.
@schlessera I found that this code was no longer necessary now that required property values for all meta tags (not just meta[name=viewport]) in \AMP_Tag_And_Attribute_Sanitizer::process_node().
|
Now given a <meta name="viewport" content="initial-scale=1.0" >
<meta http-equiv="X-UA-Compatible" content="IE=6,chrome=1,netscape=4">Three validation errors are raised:
And with the errors being sanitized, the result is valid AMP: <meta name="viewport" content="initial-scale=1.0,width=device-width">
<meta http-equiv="X-UA-Compatible" content="chrome=1"> |
|
@schlessera @pierlon Please verify my additional changes and we'll merge. |
|
Added a more specific label for the "required property value" validation error: Before: After: Otherwise from that, the prior changes made by @westonruter work as described, so ✔️ for me. |
schlessera
left a comment
There was a problem hiding this comment.
I'm leaving my remaining code reviews issues as a mere comment here, as none of them are really obligatory.
| printf( '<code>%s</code>', esc_html( $value ) ); | ||
| } | ||
| ?> | ||
| <?php elseif ( 'meta_property_name' === $key ) : ?> |
There was a problem hiding this comment.
As we're using these array keys in multiple places, I would suggest using constants for them.
However, given that the long-term plan is to use objects for validation errors, this might just be a waste of effort at this point.
| '<!DOCTYPE html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"></head><body></body></html>', | ||
| ], | ||
|
|
||
| // Trim whitespace between the properties and their values. |
There was a problem hiding this comment.
This file should be changed so that these single-line comments for each test case are converted into array keys. This way, PHPUnit would display the exact test case that is failing.
Summary
This PR allows for separate validation errors to be raised when an attribute has invalid properties, missing mandatory properties and missing required property values. Also, suitable titles for their error codes have been added, along with the
AMP_Tag_And_Attribute_Sanitizer::ATTR_REQUIRED_BUT_MISSINGerror code.Fixes #4070.
Invalid properties
If there are invalid properties within an attribute, each occurrence will be sanitized. For example, given the meta tag:
The following validation errors will be raised:
Missing mandatory properties
If a mandatory property within an attribute is missing, the attribute will be removed. For example, given the meta tag:
A validation error will be raised for the missing
widthproperty, as well as for thecontentattribute being removed:Note: This scenario can only be replicated by disabling
AMP_Meta_Sanitizerso that it will not set the correctwidthproperty value. Currently, only thewidthproperty requires for a specific value to be set.Missing required property values
When a property does not have the required value, the attribute will be removed. For example, given the meta tag:
A validation error will be raised as the
IEproperty does not have the required valueedge, and thecontentattribute will be removed:Checklist