Hosting Command Palette: Trim double quotes from selected items if present #84373
Conversation
|
Here is how your PR affects size of JS and CSS bundles shipped to the user's browser: Sections (~44 bytes added 📈 [gzipped]) Sections contain code specific for a given set of routes. Is downloaded and parsed only when a particular route is navigated to. Legend What is parsed and gzip size?Parsed Size: Uncompressed size of the JS and CSS files. This much code needs to be parsed and stored in memory. Generated by performance advisor bot at iscalypsofastyet.com. |
matticbot
added
the
[Status] Needs Review
There was a problem hiding this comment.
Wow!, great catch @katinthehatsite . 🙌
This PR solves the issue that I was able to replicate on production. I also tried adding other characters besides the quote, like [, ], but they worked fine.
We should upstream this change.
https://github.com/WordPress/gutenberg/blob/trunk/packages/commands/src/components/command-menu.js#L161C17-L164
I confirm that having a site with quotes or other weird characters don't break the command palette. And I was able to navigate to the SSH details. 👍
Screencast
quotes.on.command.palette.mp4
| @@ -69,16 +69,23 @@ interface CommandInputProps { | |||
| function CommandInput( { isOpen, search, setSearch }: CommandInputProps ) { | |||
| const commandMenuInput = useRef< HTMLInputElement >( null ); | |||
| const _value = useCommandState( ( state ) => state.value ); | |||
| const sanitizedValue = useMemo( () => { | |||
| const removedQuotesValue = _value.replace( /"/g, '' ); // Remove double quotes from any selected items before processing input | |||
There was a problem hiding this comment.
Should we use escapeAttribute from @wordpress/escape-html? https://developer.wordpress.org/block-editor/reference-guides/packages/packages-escape-html/#escapeattribute
Or how do we match the sanitization the library is already applying, to make sure our value exactly matches what's rendered on the page?
Also, what other characters might cause problems?
There was a problem hiding this comment.
Also, what other characters might cause problems?
Yesterday reviewing the PR I found that the double quotes character is problematic. The rest worked fine.
|
@katinthehatsite, let's pair on this. |
|
For context: |
|
Hey Kat, I created this PR using yours as a base. We are taking a different/better approach from |
…ters (#84412) * Use the value slugified for item id and activedesdcendant * calculate slug only when the value changes
| onSelect={ () => command.callback( { close, setSearch } ) } | ||
| id={ command.name } | ||
| id={ cleanForSlug( itemValue ) } |
There was a problem hiding this comment.
I like this solution with cleanForSlug! TIL: https://developer.wordpress.org/block-editor/reference-guides/packages/packages-url/#cleanforslug
|
@sejas - thanks for all the research and the refactor. I think if we can make the fix in Gutenberg, this is definitely the approach that we should be taking! |
…m-double-quotes-in-command-palette
github-actions
bot
removed
the
[Status] Needs Review
…esent (#84373) * Use the slugified value for item id and activedesdcendant --------- Co-authored-by: Kateryna Kodonenko <kateryna@automattic.com> Co-authored-by: Antonio Sejas <antonio@sejas.es>
Related to https://github.com/Automattic/dotcom-forge/issues/4550
Proposed Changes
This PR trims the double quotes from the selected site title before it is processed by the
document.querySelector. This ensures that the command palette does not break if the site titles include double quotes.This is what the error looks like if there are double quotes present before they are being processed by the
document.querySelectorin the command palette:Testing Instructions
https://wpcalypso.wordpress.com/sitesby triggeringcmd + kon Mac andctrl + kon WindowsOpen SSH detailscmd + kon Mac andctrl + kon WindowsPre-merge Checklist