
Sanitise HTML attributes in the database #12943

Merged: 2 commits, Oct 31, 2024

Conversation

@mkllnk (Member) commented Oct 23, 2024

ℹ️ Please use project Discover Regenerative (Macdoch pt 2): #3A. Tech - OFN & OFN/DFC Endpoints to track work on this issue.

What? Why?

We introduced HTML sanitisation on attribute assignment before but there was still dirty data in the database. This pull request sanitises the database. That allows us to remove the sanitisation every time we read one of the HTML attributes.

What should we test?

  • The following attributes don't change:
    • CustomTab content
    • EnterpriseGroup long_description
    • Product description

Release notes

Changelog Category (reviewers may add a label for the release notes):

  • User facing changes
  • API changes (V0, V1, DFC or Webhook)
  • Technical changes only
  • Feature toggled

The title of the pull request will be included in the release notes.

Dependencies

Documentation updates

We don't need to run the sanitiser each time we read an attribute. It's a waste of time.
@mkllnk mkllnk added the technical changes only These pull requests do not contain user facing changes and are grouped in release notes label Oct 23, 2024
@mkllnk mkllnk self-assigned this Oct 23, 2024
@mkllnk mkllnk changed the title Sanitise Sanitise HTML attributes in the database Oct 23, 2024
@mkllnk mkllnk marked this pull request as ready for review October 23, 2024 22:06
@rioug (Collaborator) left a comment

Looks good 👍

@dacook (Member) left a comment

Perfect 👌

# We prefer to keep migrations isolated and not affected by changing
# application code in the future.
# If we need to change the sanitizer in the future we may need a new
# migration (not change the old one) to sanitise the data properly.

Great documentation 🏅
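The approach the pull request describes (clean the HTML that is already stored so the sanitiser no longer has to run on every read) and the point made in the migration comment above (keep the sanitiser frozen inside the migration rather than calling application code that may change later), as an added Ruby example that is not Open Food Network's code and not this PR's migration. The module name, the allow-list contents, the `Row` struct, the `backfill!` and `idempotent?` helpers and the sample rows are all assumptions made for the example; the small allow-list filter stands in for the application's real sanitiser.

```ruby
# Added example (not Open Food Network code): a migration-style backfill that
# sanitises HTML already stored in the database. The allow-list is a frozen
# copy kept inside the migration (assumed values), so later changes to the
# application's sanitiser cannot silently change what this migration did.
# The small allow-list filter below stands in for the application's sanitiser.
module SanitiseStoredHtml
  ALLOWED_TAGS  = %w[p br strong em ul ol li a].freeze
  ALLOWED_ATTRS = { 'a' => %w[href] }.freeze
  # Only these URL schemes survive in href; javascript:, data: and the like are dropped.
  SAFE_HREF = %r{\A(?:https?://|mailto:|/)}i

  TAG_RE  = %r{<\s*(/?)\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*?)\s*/?\s*>}
  ATTR_RE = /([a-zA-Z][\w-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/

  # Escape text nodes without double-escaping entities that are already encoded,
  # which keeps the sanitiser idempotent on data it has already cleaned.
  def self.escape_text(text)
    text.gsub(/&(?!(?:#\d+|#x\h+|[a-zA-Z]+);)/, '&amp;').gsub('<', '&lt;').gsub('>', '&gt;')
  end

  # Keep only allow-listed attributes for the tag, with href restricted to safe schemes.
  def self.safe_attrs(tag, raw)
    allowed = ALLOWED_ATTRS.fetch(tag, [])
    raw.scan(ATTR_RE).filter_map do |name, dq, sq, bare|
      name = name.downcase
      value = dq || sq || bare
      next unless value && allowed.include?(name)
      next if name == 'href' && value !~ SAFE_HREF
      %( #{name}="#{escape_text(value).gsub('"', '&quot;')}")
    end.join
  end

  # Rebuild the fragment keeping only allow-listed tags; everything else becomes escaped text.
  def self.sanitize(html)
    return html if html.nil?
    out = +''
    pos = 0
    html.scan(TAG_RE) do
      m = Regexp.last_match
      out << escape_text(html[pos...m.begin(0)])
      pos = m.end(0)
      closing, name, attrs = m[1] == '/', m[2].downcase, m[3]
      next unless ALLOWED_TAGS.include?(name)
      out << (closing ? "</#{name}>" : "<#{name}#{safe_attrs(name, attrs)}>")
    end
    out << escape_text(html[pos..])
  end

  # Stand-in for the rows a migration would load (constructed sample data, not real records).
  Row = Struct.new(:id, :description)

  # Rewrite every row whose stored HTML changes under the sanitiser and return how
  # many rows were touched. In a real migration each change would become an UPDATE.
  def self.backfill!(rows)
    rows.count do |row|
      clean = sanitize(row.description)
      next false if clean == row.description
      row.description = clean
      true
    end
  end

  # The invariant that makes read-time sanitisation redundant once stored data is
  # clean and writes are sanitised: cleaning already-clean data changes nothing.
  def self.idempotent?(html)
    once = sanitize(html)
    sanitize(once) == once
  end
end

# Constructed sample rows: one already clean, two carrying an event handler,
# a script and a javascript: link that the backfill must remove.
SAMPLE_ROWS = [
  SanitiseStoredHtml::Row.new(1, '<p>Fresh <strong>organic</strong> veg</p>'),
  SanitiseStoredHtml::Row.new(2, '<p onmouseover="alert(1)">Hi</p><script>alert(1)</script>'),
  SanitiseStoredHtml::Row.new(3, '<a href="javascript:alert(1)">Shop</a> &amp; <a href="https://example.org">site</a>')
].freeze

if $PROGRAM_NAME == __FILE__
  rows = SAMPLE_ROWS.map(&:dup)
  puts "rows updated: #{SanitiseStoredHtml.backfill!(rows)}"
  rows.each { |r| puts "#{r.id}: #{r.description}" }
end
```

Run directly, the script reports two of the three sample rows rewritten and prints the cleaned descriptions. `idempotent?` is the check behind dropping the per-read sanitisation: once the stored data has been through the same rules that guard every write, passing it through the sanitiser again cannot change it, so the read path gains nothing from repeating the work.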

@filipefurtad0 filipefurtad0 self-assigned this Oct 31, 2024
@filipefurtad0 filipefurtad0 added the pr-staged-fr staging.coopcircuits.fr label Oct 31, 2024
@filipefurtad0 (Contributor) commented

Hey @mkllnk,

Changed the mentioned attributes before staging the PR, and verified them after staging, under the following URLs:

Spotted nothing unusual, merging!

@filipefurtad0 filipefurtad0 merged commit 0d97f99 into openfoodfoundation:master Oct 31, 2024
56 checks passed
@filipefurtad0 filipefurtad0 removed the pr-staged-fr staging.coopcircuits.fr label Oct 31, 2024
@mkllnk mkllnk deleted the sanitise branch November 1, 2024 05:56
Labels
technical changes only These pull requests do not contain user facing changes and are grouped in release notes
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

Sanitise HTML in enterprise and product descriptions
4 participants