Description
Like many people I've been following guidance to support customising Trix to embed YouTube videos.
I found that while my embeds were being saved and displayed, on editing text the attachments were being stripped out. Other people have reported problems with HTML sanitisation as being the cause of the issue, e.g. with embedded iframes being removed.
However my issue was slightly different. My Rails model which produces the sgid for the embed implements to_trix_content_attachment_partial_path to provide a different in-editor view of the video. This does not use an iframe and instead just inserts an img with a link to video thumbnail. Images aren't sanitised by default.
It turned out that the issue was that we had annotate_rendered_view_with_filenames enabled in Rails in our development config. This causes Rails to insert an HTML comment containing the path to the partial that produced each block of HTML. These comments were then included in the data-trix-attachment attribute as part of the content to be rendered in the editor.
DOMPurify forcibly removes all attributes that contain HTML comments. This isn't configurable behaviour.
This means that any data-trix-attachment attribute containing a comment will be removed so Trix doesn't see the attachment as being present. This problem isn't limited to the annotate_rendered_view_with_filenames setting as you might just have an HTML comment in your partial.
Am aware this isn't a Trix bug, but thought I'd file this here as it seems like a number of people are discussing how to get custom attachments to work correctly. And this issue hasn't been noted.
It might be useful to highlight potential issues with annotate_rendered_view_with_filenames or HTML comments in attachment content in the documentation?
Happy to take suggestions for alternative places to report/suggest this.