search

projectblacklight / blacklight

Blacklight provides a discovery interface for any Solr (http://lucene.apache.org/solr) index.
http://projectblacklight.org/
Other
757 stars 257 forks source link

Nokogiri 1.15.0 uses a version of libxml2 with different HTML attribute parsing behavior #3058

Closed barmintor closed 1 year ago

barmintor commented 1 year ago

There are 2 failures in main:

Failures:

  1) Blacklight::FacetItemPivotComponent links to the facet and shows the number of hits
     Failure/Error: expect(rendered).to have_link 'x', href: '/catalog?f%5Bz%5D=x'
       expected `#<Capybara::Node::Simple tag="" path="/">.has_link?("x", {:href=>"/catalog?f%5Bz%5D=x"})` to be truthy, got false
     # ./spec/components/blacklight/facet_item_pivot_component_spec.rb:39:in `block (2 levels) in <top (required)>'

  2) Blacklight::FacetItemPivotComponent has the facet hierarchy
     Failure/Error: expect(rendered).to have_link 'x:1', href: /f%5Bz%5D%5B%5D=x:1/
       expected `#<Capybara::Node::Simple tag="" path="/">.has_link?("x:1", {:href=>/f%5Bz%5D%5B%5D=x:1/})` to be truthy, got false
     # ./spec/components/blacklight/facet_item_pivot_component_spec.rb:46:in `block (2 levels) in <top (required)>'

I hacked in a dump of the rendered source that is going to Capybara in that component test, and I am seeing:

<li role="treeitem" class="treeitem">
<span class="d-flex flex-row align-items-center"><span class="facet-values d-flex flex-row flex-grow-1 "><span class="facet-label"><a class="facet-select" rel="nofollow" href="/catalog?f[z]=x">x</a></span><span class="facet-count">10</span></span></span><ul class="pivot-facet flex-column list-unstyled ps-4  " role="group"><li role="treeitem" class="treeitem"><span class="d-flex flex-row align-items-center"><span class="facet-values d-flex flex-row flex-grow-1 "><span class="facet-label"><a class="facet-select" rel="nofollow" href="/catalog?f[z][]=x:1">x:1</a></span><span class="facet-count">5</span></span></span></li></ul>
</li>

So the failures in main are coming from an expectation that the bracket characters in the query string passed to link_to will be escaped, and they don't appear to be.

Last passing CI: Using nokogiri 1.14.3 (x86_64-linux) First failing CI: Using nokogiri 1.15.2 (x86_64-linux) Pinning local branch to nokogiri 1.14.3, CI suite passes

Nokogiri 1.15.0 changelog:

[CRuby] Vendored libxml2 is updated to v2.11.3 from v2.10.4. For details please see:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.0 ...

libxml2 v2.11.0 changelog:

html: Don't escape ASCII chars in href attributes