Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move html into templates #1272

Merged
merged 6 commits into from
Oct 16, 2023
Merged

Move html into templates #1272

merged 6 commits into from
Oct 16, 2023

Conversation

thijskh
Copy link
Member

@thijskh thijskh commented Oct 3, 2023
edited
Loading

Robustify the templating by moving HTML from translatable strings into the Twig templates. This also allows us to reduce the amount of |raw Twig filtering we use, the vast majority of templates do not use |raw anymore now.

This may not be fully backwards compatible: those with language string overrides for the affected strings, or with templates based on the changed strings, may need to make updates.

@thijskh thijskh requested a review from MKodde October 3, 2023 15:03
MKodde
MKodde reviewed Oct 4, 2023
View reviewed changes
Copy link
Member

@MKodde MKodde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see why this is an improvement. And removing the raw filters should prevent problems in the future with the cases that are not causing any problems right now.

However we are losing quite some markup this way. If that is acceptable. I'm fine with this too. But we could also think of a way to make the raw filter more safe. For example by providing a safer blacklist (scrapping the script tags and other possible xss avenues).

After seeing that we are losing many <p> wraparounds, I stopped 1 by 1 checking each of them. So be warned there.

...base/templates/modules/Authentication/View/IdentityProvider/perform-request-access.html.twig Outdated Show resolved Hide resolved
...templates/modules/Authentication/View/Feedback/authn-context-class-ref-blacklisted.html.twig Show resolved Hide resolved
...templates/modules/Authentication/View/Feedback/authn-context-class-ref-blacklisted.html.twig Show resolved Hide resolved
...base/templates/modules/Authentication/View/Feedback/authorization-policy-violation.html.twig Show resolved Hide resolved
theme/base/templates/modules/Default/View/Error/error.html.twig Show resolved Hide resolved
theme/base/templates/modules/Authentication/View/Feedback/missing-required-fields.html.twig Show resolved Hide resolved
@thijskh thijskh force-pushed the robust/move-html-into-templates branch 2 times, most recently from 85d10c9 to 7250502 Compare October 16, 2023 12:31
@thijskh
Removing HTML from translation messages, pass 3
14457b6
@thijskh
Remove HTML from translations, pass 4
5ee1a30
@thijskh
Do not render link if link text is empty in translations (which is th…
9681f38 
…e default)
@thijskh
Consistentify <p> usage in error messages
b444b40 
An error message is now wrapped in <p> tags if there are multiple
paragraphs, not otherwise. This was done inconsistently before. It
does not impact the display of said messages.
@thijskh thijskh force-pushed the robust/move-html-into-templates branch from 7250502 to b444b40 Compare October 16, 2023 13:26
@thijskh
Copy link
Member Author

thijskh commented Oct 16, 2023
edited
Loading

I've checked the <p> and they were applied inconsistently before this PR already. I've now made that consistent.

I've checked and there's no objection to the small loss of markup. Where there was potentially bigger loss I've already solve that in moving the HTML into the templates.

Overall I think it's essential that in EB we reduce risk and complexity where we can and make frameworks work for us. So when in doubt I chose the less complex approach of just not using HTML in a translatable string.

@thijskh thijskh merged commit 29bf330 into master Oct 16, 2023
2 checks passed
@thijskh thijskh deleted the robust/move-html-into-templates branch October 16, 2023 14:12
@thijskh thijskh mentioned this pull request Oct 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MKodde MKodde MKodde left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thijskh @MKodde