Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74823

Upgrade HTML Purifier to 4.16.0

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 4.1.1
    • 4.0.1
    • Libraries
    • MOODLE_400_STABLE
    • MOODLE_401_STABLE
    • MDL-74823_upgrade-html-purifier-to-4-14-0
    • Hide

      Test 1

      1. Log in as Admin.
      2. Create a Course.
      3. Enrol a Student in the Course.
      4. Create a Forum in the Course.
      5. Log in the Student.
      6. Go to the Forum.
      7. Create a discussion.
      8. In the discussion message, add a couple of HTML links with "Open in new window" checked and a couple with "Open in new window" unchecked.
      9. Save.
      10. View the discussion and verify, viewing source code, that any links that have the "target="xxxx"" attribute will have "rel=noreferrer noopener" attribute added.
      11. Verify when opening a target="_blank" link that the original page is not redirected and the link is open in a new tab/window.
      12. Try the same sort of thing in other text areas and see if any don't add the attribute.

      Example:
      This:

      <a href="http://allthethings.co.nz/moodle/redirect.html" target="_blank">Test my link</a>

      Becomes:

      <a href="http://allthethings.co.nz/moodle/redirect.html" target="_blank" rel="noreferrer noopener">Test my link</a>

      Show
      Test 1 Log in as Admin. Create a Course. Enrol a Student in the Course. Create a Forum in the Course. Log in the Student. Go to the Forum. Create a discussion. In the discussion message, add a couple of HTML links with "Open in new window" checked and a couple with "Open in new window" unchecked. Save. View the discussion and verify , viewing source code, that any links that have the " target="xxxx" " attribute will have " rel=noreferrer noopener " attribute added. Verify when opening a target="_blank" link that the original page is not redirected and the link is open in a new tab/window. Try the same sort of thing in other text areas and see if any don't add the attribute. Example: This: < a href = "http://allthethings.co.nz/moodle/redirect.html" target = "_blank" >Test my link</ a > Becomes: < a href = "http://allthethings.co.nz/moodle/redirect.html" target = "_blank" rel = "noreferrer noopener" >Test my link</ a >

      HTML Purifier (/lib/htmlpurifier/) 4.13.0 --> 4.16.0 :  http://htmlpurifier.org/ 

       

      This also normalizes the line endings for HTMLPurifier in a separate commit.

      Prior to this change, all the line endings in the imported HTMLPurifier library were using CRLF (\r\n aka Windows style), but the HTMLPurifier source and also the downloadable artefacts use LF (\n aka Linux style) as line endings. This has been the case since 510d190382003985eafd6f4407190d43509016a5 when with the commit "MDL-38672 import HTML Purifier 4.5.0" all line endings were changed from LF to CRLF. There was no comment in the commit on why this change was done.

      As the original source uses LF, this commit partly reverts 510d190382003985eafd6f4407190d43509016a5 and goes back to LF as line endings. This also makes updating the library in the future less of a pita.

       

      Besides some tinymce library plugins and random atto yui files all moodle source uses LF as line endings, so I think that also justifies the change.

        1. test_link_tags_1.png
          151 kB
          David Woloszyn
        2. test_link_tags_2.png
          173 kB
          David Woloszyn
        3. Screenshot from 2022-12-01 09-08-01.png
          99 kB
          Aya Saad

            Daniel Ziegenberg Daniel Ziegenberg
            Daniel Ziegenberg Daniel Ziegenberg
            David Woloszyn David Woloszyn
            Andrew Lyons Andrew Lyons
            Aya Saad Aya Saad
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 31 minutes
                2h 31m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.