search

WPDevelopers / essential-addons-for-elementor-lite

Essential Addons for Elementor. Ultimate elements library for Elementor.
https://essential-addons.com/elementor/
43 stars 41 forks source link

Wrapper Links URL "sanitization" breaks relative links #756

Closed tibbsa closed 8 months ago

tibbsa commented 9 months ago

We have a site where we make a point of using relative links everywhere that we can, as we have been bitten in the past by domain name changes or moving to a test/staging domain (and database replacements for internal settings such as wrapper link settings can be finicky).

Recently a change was made to enforce some 'sanitization' on the URL's from JavaScript, but this has resulted in ALL of our relative links no longer working.

The commit in question:

https://github.com/WPDevelopers/essential-addons-for-elementor-lite/commit/730524d1a63d9344ee3a5cc698e65f61aa14e47a

(There is a later commit adding other protocols, but that still does not help us because our links have neither a protocol nor a host name.)

This breaking change is unfortunate because we have thousands of these links that would now all have to be changed.

Is there some way that this could be made an "opt-outable" option? For the moment I am going to local patch to bypass the sanitization check but this is difficult to maintain with plugin updates, etc.

joaomarcosjova commented 9 months ago

To address the issue where relative links are affected by URL sanitization changes in JavaScript, you can consider the following approaches:

  1. Local Patching (Temporary Solution): As you mentioned, you can locally patch the code to bypass the sanitization check. While this is a quick solution, it might not be ideal for maintenance, as you would need to reapply the patch with each update.

    Here's an example of how you might patch the code to exclude relative links:

    // Original code
// const sanitizedUrl = sanitizeUrl(url);

// Bypass the sanitization for relative links
const sanitizedUrl = url.startsWith('/') ? url : sanitizeUrl(url);

    Please note that this is a simplified example, and you need to carefully review the actual sanitization logic in your code.

  2. Configuration or Opt-Out Feature: If the sanitization feature is causing issues for your use case, consider proposing an enhancement to the library or framework that introduces a configuration option or opt-out feature for URL sanitization. This way, users can choose whether to apply sanitization or not.

    You can raise this as a feature request or discuss it with the maintainers of the library or framework on their official channels (e.g., GitHub repository, community forum).

  3. Alternative URL Handling: Evaluate if there are alternative methods for handling URLs that would better suit your needs. For example, you might explore using a custom utility for URL handling that allows you to maintain control over how URLs are processed.

Remember to document any local patches or workarounds, as well as the reasoning behind them, for future maintainers of the code.

Ultimately, the best approach may depend on the specifics of your project, the libraries/frameworks you're using, and the community's response to your feedback or feature request.

rudlinkon commented 9 months ago

Hello @tibbsa apologize for the issue you face. To enhance our security we sanitized the URL from JS. Thank you @joaomarcosjova for your suggestion.

Our dev team will take action soon and will be updated here.

rudlinkon commented 8 months ago

This issue has been fixed on the latest version (v5.9.9). Thank you, @tibbsa and @joaomarcosjova