Merge branch 'MC-15022' into cms-team-1-delivery

Author: davemacaulay

app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php

@@ -31,16 +31,24 @@ class TemplatePlugin
      */
     private $domDocument;
 
+    /**
+     * @var \Magento\Framework\Math\Random
+     */
+    private $mathRandom;
+
     /**
      * @param \Psr\Log\LoggerInterface $logger
      * @param \Magento\Framework\View\ConfigInterface $viewConfig
+     * @param \Magento\Framework\Math\Random $mathRandom
      */
     public function __construct(
         \Psr\Log\LoggerInterface $logger,
-        \Magento\Framework\View\ConfigInterface $viewConfig
+        \Magento\Framework\View\ConfigInterface $viewConfig,
+        \Magento\Framework\Math\Random $mathRandom
     ) {
         $this->logger = $logger;
         $this->viewConfig = $viewConfig;
+        $this->mathRandom = $mathRandom;
     }
 
     /**
@@ -65,7 +73,7 @@ public function afterFilter(\Magento\Framework\Filter\Template $subject, string
         // Process any HTML content types, they need to be decoded on the front-end
         if (preg_match(self::HTML_CONTENT_TYPE_PATTERN, $result)) {
             $document = $this->getDomDocument($result);
-            $this->decodeHtmlContentTypes($document);
+            $uniqueNodeNameToDecodedOuterHtmlMap = $this->generateDecodedHtmlPlaceholderMappingInDocument($document);
         }
 
         // If a document was retrieved we've modified the output so need to retrieve it from within the document
@@ -77,7 +85,21 @@ public function afterFilter(\Magento\Framework\Filter\Template $subject, string
                 $matches
             );
 
-            return !empty($matches) ? $matches[1] : $result;
+            if (!empty($matches)) {
+                $docHtml = $matches[1];
+
+                if (isset($uniqueNodeNameToDecodedOuterHtmlMap)) {
+                    foreach ($uniqueNodeNameToDecodedOuterHtmlMap as $uniqueNodeName => $decodedOuterHtml) {
+                        $docHtml = str_replace(
+                            '<' . $uniqueNodeName . '>' . '</' . $uniqueNodeName . '>',
+                            $decodedOuterHtml,
+                            $docHtml
+                        );
+                    }
+                }
+
+                $result = $docHtml;
+            }
         }
 
         return $result;
@@ -131,31 +153,48 @@ function ($errorNumber, $errorString) {
     }
 
     /**
-     * Decode the contents of any HTML content types for the store front
+     * Convert encoded HTML content types to placeholders and generate decoded outer html map for future replacement
      *
      * @param \DOMDocument $document
+     * @return array - map of unique node name to decoded html
      */
-    private function decodeHtmlContentTypes(\DOMDocument $document): void
+    private function generateDecodedHtmlPlaceholderMappingInDocument(\DOMDocument $document): array
     {
         $xpath = new \DOMXPath($document);
-        $nodes = $xpath->query('//*[@data-content-type="html" and not(@data-decoded="true")]');
-        foreach ($nodes as $node) {
-            if (strlen(trim($node->nodeValue)) > 0) {
-                /* @var \DOMElement $node */
-                $fragment = $document->createDocumentFragment();
-                $fragment->appendXML($node->nodeValue);
-                // Store a decoded attribute on the element so we don't double decode
-                $node->setAttribute("data-decoded", "true");
-                $node->nodeValue = "";
-
-                // If the HTML code in the content type is invalid it may throw
-                try {
-                    $node->appendChild($fragment);
-                } catch (\Exception $e) {
-                    $this->logger->critical($e);
-                }
+
+        // construct xpath query to fetch top-level ancestor html content type nodes
+        /** @var $htmlContentTypeNodes \DOMNode[] */
+        $htmlContentTypeNodes = $xpath->query(
+            '//*[@data-content-type="html" and not(@data-decoded="true")]' .
+            '[not(ancestor::*[@data-content-type="html"])]'
+        );
+
+        $uniqueNodeNameToDecodedOuterHtmlMap = [];
+
+        foreach ($htmlContentTypeNodes as $htmlContentTypeNode) {
+            // Set decoded attribute on all encoded html content types so we don't double decode;
+            $htmlContentTypeNode->setAttribute('data-decoded', 'true');
+
+            // if nothing exists inside the node, continue
+            if (!strlen(trim($htmlContentTypeNode->nodeValue))) {
+                continue;
             }
+
+            $preDecodedOuterHtml = $document->saveHTML($htmlContentTypeNode);
+            $decodedOuterHtml = html_entity_decode($preDecodedOuterHtml);
+
+            // generate unique node name element to replace with decoded html contents at end of processing;
+            // goal is to create a document as few times as possible to prevent inadvertent parsing of contents as html
+            // by the dom library
+            $uniqueNodeName = $this->mathRandom->getRandomString(32, $this->mathRandom::CHARS_LOWERS);
+
+            $uniqueNode = new \DOMElement($uniqueNodeName);
+            $htmlContentTypeNode->parentNode->replaceChild($uniqueNode, $htmlContentTypeNode);
+
+            $uniqueNodeNameToDecodedOuterHtmlMap[$uniqueNodeName] = $decodedOuterHtml;
         }
+
+        return $uniqueNodeNameToDecodedOuterHtmlMap;
     }
 
     /**

dev/tests/integration/_files/Magento/TestModulePageBuilderExtensionPoints/view/frontend/templates/html_content_type.phtml

@@ -0,0 +1,14 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+// @codingStandardsIgnoreFile
+
+?>
+<div data-content-type="html">
+    &lt;img src=&quot;http://example.com&quot;&gt;
+    &lt;iframe width=&quot;560&quot; height=&quot;315&quot; src=&quot;https://www.youtube.com/embed/owsfdh4gxyc&quot; frameborder=&quot;0&quot; allowfullscreen&gt;&lt;/iframe&gt;
+    &amp;amp;
+</div>

dev/tests/integration/_files/Magento/TestModulePageBuilderExtensionPoints/view/frontend/templates/static_html.phtml

@@ -0,0 +1,12 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+// @codingStandardsIgnoreFile
+
+?>
+<div>
+    <img src="http://example.com/block">
+</div>

dev/tests/integration/_files/Magento/TestModulePageBuilderExtensionPoints/view/frontend/templates/static_text.phtml

@@ -0,0 +1,10 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+// @codingStandardsIgnoreFile
+
+?>
+Hello world

dev/tests/integration/testsuite/Magento/PageBuilder/Plugin/Filter/TemplatePluginTest.php

@@ -0,0 +1,76 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\PageBuilder\Plugin\Filter;
+
+use Magento\Widget\Model\Template\Filter as TemplateFilter;
+use Magento\TestFramework\Helper\Bootstrap;
+
+/**
+ * @magentoAppArea frontend
+ */
+class TemplatePluginTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var \Magento\Framework\ObjectManagerInterface
+     */
+    private $objectManager;
+
+    /**
+     * @var TemplateFilter
+     */
+    private $templateFilter;
+
+    protected function setUp()
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+        $this->templateFilter = $this->objectManager->get(TemplateFilter::class);
+    }
+
+    /**
+     * @param string $preFiltered
+     * @param string $postFiltered
+     * @param string $preFilteredBasename
+     * @dataProvider filterDataProvider
+     */
+    public function testFiltering(string $preFiltered, string $postFiltered, string $preFilteredBasename)
+    {
+        $this->assertEquals(
+            $postFiltered,
+            $this->templateFilter->filter($preFiltered),
+            "Failed asserting that two strings are equal after filtering $preFilteredBasename"
+        );
+    }
+
+    /**
+     * @return array
+     */
+    public function filterDataProvider(): array
+    {
+        $preFilteredFiles = glob(__DIR__ . '/../../_files/template_plugin/*pre_filter*');
+
+        $dataProviderArgs = [];
+
+        foreach ($preFilteredFiles as $preFilteredFile) {
+            $preFilteredBasename = basename($preFilteredFile);
+            $postFilteredFile = pathinfo($preFilteredFile, PATHINFO_DIRNAME) . '/' . str_replace(
+                'pre_filter',
+                'post_filter',
+                $preFilteredBasename
+            );
+
+            $dataProviderArgs[] = [
+                file_get_contents($preFilteredFile),
+                file_get_contents($postFilteredFile),
+                $preFilteredBasename
+            ];
+        }
+
+        return $dataProviderArgs;
+    }
+}

dev/tests/integration/testsuite/Magento/PageBuilder/_files/template_plugin/html_content_type_already_decoded_post_filter.html

@@ -0,0 +1 @@
+<div data-content-type="html" data-decoded="true">&amp;<img src="http://example.com"><iframe width="560" height="315" src="https://www.youtube.com/embed/owsfdh4gxyc" frameborder="0" allowfullscreen></iframe></div>

dev/tests/integration/testsuite/Magento/PageBuilder/_files/template_plugin/html_content_type_already_decoded_pre_filter.html

@@ -0,0 +1 @@
+<div data-content-type="html" data-decoded="true">&amp;<img src="http://example.com"><iframe width="560" height="315" src="https://www.youtube.com/embed/owsfdh4gxyc" frameborder="0" allowfullscreen></iframe></div>

dev/tests/integration/testsuite/Magento/PageBuilder/_files/template_plugin/html_content_type_fb_script_post_filter.html

@@ -0,0 +1,8 @@
+<div data-content-type="html" data-appearance="default" data-element="main" style="border-style: none; border-width: 1px; border-radius: 0px; margin: 0px; padding: 0px;" data-decoded="true"><div id="fb-root"></div>
+    <script async defer src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2&appId=1&autoLogAppEvents=1"></script>
+
+    <div class="fb-page" data-href="https://www.facebook.com/facebook" data-tabs="timeline" data-small-header="false"
+    data-adapt-container-width="true" data-hide-cover="false" data-show-facepile="true"><blockquote
+    cite="https://www.facebook.com/facebook" class="fb-xfbml-parse-ignore"><a
+    href="https://www.facebook.com/facebook">Facebook</a></blockquote></div>
+</div>

dev/tests/integration/testsuite/Magento/PageBuilder/_files/template_plugin/html_content_type_fb_script_pre_filter.html

@@ -0,0 +1,9 @@
+<div data-content-type="html" data-appearance="default" data-element="main"
+     style="border-style: none; border-width: 1px; border-radius: 0px; margin: 0px; padding: 0px;">&lt;div id="fb-root"&gt;&lt;/div&gt;
+    &lt;script async defer src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&amp;version=v3.2&amp;appId=1&amp;autoLogAppEvents=1"&gt;&lt;/script&gt;
+
+    &lt;div class="fb-page" data-href="https://www.facebook.com/facebook" data-tabs="timeline" data-small-header="false"
+    data-adapt-container-width="true" data-hide-cover="false" data-show-facepile="true"&gt;&lt;blockquote
+    cite="https://www.facebook.com/facebook" class="fb-xfbml-parse-ignore"&gt;&lt;a
+    href="https://www.facebook.com/facebook"&gt;Facebook&lt;/a&gt;&lt;/blockquote&gt;&lt;/div&gt;
+</div>

dev/tests/integration/testsuite/Magento/PageBuilder/_files/template_plugin/html_content_type_invalid_html_post_filter.html

@@ -0,0 +1,3 @@
+<div data-content-type="html" data-decoded="true">
+    3 < 4 > 2
+</div>