Escape block attributes to avoid bad-faith actors

Codeinwp / otter-blocks

Create beautiful and attracting posts, pages, and landing pages with Gutenberg Blocks and Template Library by Otter.

https://wordpress.org/plugins/otter-blocks/

GNU General Public License v3.0

129 stars 33 forks source link

Escape block attributes to avoid bad-faith actors #2126

Closed HardeepAsrani closed 3 months ago

HardeepAsrani commented 3 months ago

Closes https://github.com/Codeinwp/otter-internals/issues/158, https://github.com/Codeinwp/otter-internals/issues/159.

Summary

Escape block attributes in SSR
Update Formbricks library

Checklist before the final review

[x] Included E2E or unit tests for the changes in this PR.
[x] Visual elements are not affected by independent changes.
[x] It is at least compatible with the minimum WordPress version.
[x] It loads additional script in frontend only if it is required.
[x] Does not impact the Core Web Vitals.
[x] In case of deprecation, old blocks are safely migrated.
[x] It is usable in Widgets and FSE.
[x] Copy/Paste is working if the attributes are modified.
[x] PR is following [the best practices]()

pirate-bot commented 3 months ago

Bundle Size Diff

Package	Old Size	New Size	Diff
Animations	237.69 KB	237.69 KB	0 B (0.00%)
Blocks	1.5 MB	1.5 MB	0 B (0.00%)
CSS	91.76 KB	91.76 KB	0 B (0.00%)
Dashboard	197.71 KB	200.11 KB	2.4 KB (1.21%)
Onboarding	152.76 KB	152.76 KB	0 B (0.00%)
Export Import	89.53 KB	89.53 KB	0 B (0.00%)
Pro	354.49 KB	354.49 KB	0 B (0.00%)

pirate-bot commented 3 months ago

Plugin build for e5d36dd8d6fae55f5802056986da0a5785ca2fd5 is ready :bellhop_bell:!

Download Otter – Page Builder Blocks & Extensions for Gutenberg - Production ~ Development
Download Otter Pro - Production ~ Development
Download Blocks Animation - Production ~ Development
Download Blocks CSS - Production ~ Development
Download Blocks Export Import - Production ~ Development

pirate-bot commented 3 months ago

E2E Tests

Playwright Test Status:

Performance Results

serverResponse: 196.3, firstPaint: 514, domContentLoaded: 1475.55, loaded: 1476.15, firstContentfulPaint: 9117.8, firstBlock: 11331.4, type: 48.97, minType: 44.88, maxType: 52.56, typeContainer: 12.15, minTypeContainer: 10.89, maxTypeContainer: 13.21, focus: 59.16, minFocus: 50.78, maxFocus: 68.64, inserterOpen: 22.08, minInserterOpen: 20.12, maxInserterOpen: 25.57, inserterSearch: 5.54, minInserterSearch: 5.16, maxInserterSearch: 6.45, inserterHover: 44.85, minInserterHover: 40.61, maxInserterHover: 53.08, listViewOpen: 137.45, minListViewOpen: 125.63, maxListViewOpen: 150.51

pirate-bot commented 3 months ago

:tada: This PR is included in version 2.6.6 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: