Problem/Motivation
Quoting #3201646-21: Add support for image caption (<img data-caption>):
Tested this thoroughly. Works beautifully! 🤩
We will need a follow-up to make formatting inside the caption work though — but that's an upstream bug that we were warned about. Quoting @Reinmar from Slack:
The PoC of drupalimage implementation is still in progress. I heard it’s close to be finished but then we found that in CKE4 inline formatting inside captions can be stored in data-caption attributes. This is not that straightforward now.
Steps to reproduce
- Create image caption: enter
foo bar
- Make
bar
bold - Save the content
- Observe that the stored data contains just
data-caption="foo bar"
instead ofdata-caption="foo <strong>bar</strong>"
Proposed resolution
TBD
Remaining tasks
- Per #14 + #15 + #16: this issue is hard-blocked on #2441811: Upgrade filter system to HTML5 getting fixed in Drupal core.
- …
User interface changes
TBD
API changes
TBD
Data model changes
TBD
Issue fork ckeditor5-3222808
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
Wim LeersComment #4
Wim LeersComment #5
Wim LeersComment #6
Wim Leers@Reinmar just informed @lauriii and I that this was solved upstream 4 days ago: https://github.com/ckeditor/ckeditor5/commits/ci/763
Comment #7
Wim Leers@Reinmar said we might/should be able to reuse the upstream test coverage for this specific functionality. So: TBD whether it's actually feasible to do that!
Comment #10
lauriiiI made some progress on this but got stuck on integrating this with CKEditor attribute encoding. I pinged @Reinmar in Slack for additional info on CKEditor 5 attribute encoding.
Comment #11
Wim LeersComment #13
Wim Leers@Reinmar responded to @lauriii's questions about encoding. Turns out HTML5 does not require
<
and>
to be encoded in attribute values!!! 🤯 TIL! 🤓Or rather… YIL, because over at #2441811-49: Upgrade filter system to HTML5 I basically asked that and @longwave pointed out in #2441811-50: Upgrade filter system to HTML5 that this is no longer true in HTML5!
Comment #14
lauriiiBased on WHATWG parsing rules, we would only have to worry about encoding quotation mark and ampersand. This is already handled by CKEditor 5 so we can get rid of the additional encoding that currently exists in the MR.
Based on some testing, captions encoded by CKEditor 4 are correctly decoded by CKEditor 5. There are some edge cases we still should test.
The tests are failing because
Drupal\Component\Utility\Xss::filter
is unable to handle<
and>
within attributes. We need to either fix that as part of #2441811: Upgrade filter system to HTML5 or another upstream issue.Comment #15
Wim LeersD'oh 😬
Well… at least that issue is well on its way!
Are you saying this issue is hard-blocked on #2441811: Upgrade filter system to HTML5?
Comment #16
lauriiiI think this issue is hard blocked on #2441811: Upgrade filter system to HTML5. I aded failing tests for that issue so that we can start working on a solution for the edge case.
Comment #17
Wim Leers👍
Comment #18
effulgentsia CreditAttribution: effulgentsia at Acquia commentedThe relevant part for this issue got split out into #3227831: Xss::filter() does not handle HTML tags inside attribute values. However, why is this issue hard blocked on it? Why can't we escape the entities in the attribute values ourselves, either in the plugin, or at any point prior to calling Xss::filter(), even if CKE doesn't escape them?
Comment #19
effulgentsia CreditAttribution: effulgentsia at Acquia commentedOne way you can do #18 is by calling:
Comment #20
longwaveIn #2441811: Upgrade filter system to HTML5,
Html::normalize()
is basically the code above without theencode_entities
flag, maybe we should just enable it always there?Comment #21
Wim Leers@effulgentsia How would the CKEditor 5 module do that?
There is no reliably API to intercept data this early, i.e. upon form submission.
We'd almost need to override
\Drupal\text\Plugin\Field\FieldType\TextItem::preSave()
to make that work reliably (because note it could happen in any other text editor too — it is valid HTML5 after all).The only alternative would be to do something like overriding
['#value_callback' => '\Drupal\Core\Render\Element\Textarea::valueCallback']
to do some extra processing there? That could be an okay work-around initially maybe … until it's solved in core?I like @longwave's suggestion in #20 — that seems like the simplest solution and the strongest guarantee?
Comment #22
Wim LeersGreat news from the CKEditor 5 team!
That means we can move forward here again! 👍
Comment #23
lauriiiComment #24
Wim Leers🥳
Comment #25
lauriiiPostponing this on #3247246: Attribute value encoding not compatible with Xss::filter().
Comment #26
Wim LeersI don't understand.
After lengthy investigations and discussions, the conclusion was that changing the Drupal
Xss::filter()
logic is infeasible and unrealistic.The CKEditor 5 team worked to make it possible for us to override their
HtmlWriter
(that's what is described in #22).I see you gave that a try in https://git.drupalcode.org/project/ckeditor5/-/merge_requests/75/diffs?c.... Are you concluding that this is impossible to solve in CKEditor 5? 😱😢
If so: why are you concluding that? Why can this work just fine in CKEditor 4, and why can't we make CKEditor 5 process
data-caption
attribute values the same way?I am not seeing the change in direction/the new conclusion explained either here or in #3247246: Attribute value encoding not compatible with Xss::filter(), so I hope you can elaborate 🙏🤓 I have the feeling it's obvious to you, but it's certainly not to me 😅
Comment #27
lauriii@Wim Leers Does #3247246-7: Attribute value encoding not compatible with Xss::filter() help explain this?
Manually tested to apply this on top of #3247246: Attribute value encoding not compatible with Xss::filter() to confirm that
\Drupal\Tests\ckeditor5\FunctionalJavascript\CKEditor5Test::testImageCaption
passes.Comment #28
Wim LeersYes, thank you! 😊
Comment #29
lauriiiComment #30
Wim LeersRTBC as soon as the coding standards nits are addressed and the slightly expanded documentation!
Just talked to @lauriii, he confirmed that he did thoroughly review the pieces of code coming from upstream 👍🥳
Comment #31
Wim LeersCrediting all participants :)
Comment #33
Wim Leers