Skip to content

MJML5.0 Replace html-minifier and js-beautify #2858

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
iRyusa wants to merge 52 commits into
base: master
Choose a base branch
from
Open

MJML5.0 Replace html-minifier and js-beautify #2858

iRyusa wants to merge 52 commits into from
+4,030 −2,660

Conversation

@iRyusa
Copy link
Member

@iRyusa iRyusa commented Apr 25, 2024
edited
Loading

Edit: Available on MJML on v5 for now on experimental tag

@iRyusa iRyusa added the MJML 5 label Apr 25, 2024
@marvin-wtt
Copy link

marvin-wtt commented May 4, 2024

I currently get the error nullTypeError: Cannot destructure property 'children' of 'element' as it is undefined. When compiling with CLI

@iRyusa
Copy link
Member Author

iRyusa commented May 4, 2024 via email

@marvin-wtt
Copy link

marvin-wtt commented May 4, 2024

Make sure to have no global install, clean your node modules + lockfile

Just tried it with a fresh project and only the Black Friday template as test. Still fails.
It also fails in CI, so this can't be a global install issue.

@iRyusa
Copy link
Member Author

iRyusa commented May 14, 2024

@marvin-wtt found out the issue thanks for reporting check the latest version (alpha.2) should be good now 👍

@thewilkybarkid
Copy link

thewilkybarkid commented Jul 16, 2024
edited
Loading

How experimental is this now? I see there have been alpha releases. Looks like CI isn't working as support for Node 16 needs to be dropped (cssnano doesn't support it as it's unmaintained).

@iRyusa iRyusa force-pushed the fix/replace-html-minifier branch from 54ebade to 097a2bd Compare July 30, 2024 09:09
@iRyusa
Copy link
Member Author

iRyusa commented Jul 30, 2024

I don't think we'll find some alternative to those lib now. I still need some work tho to bring back the CI to a green state

@AaronMoat
Copy link

AaronMoat commented Aug 3, 2024

@iRyusa for what it's worth, the CI commands locally seem happy enough if packages/mjml/test/html-attributes.test.js is updated to await mjml instead of just mjml; something similar to test.js seems to work:

async function run() {
  const { html } = await mjml(input)

  ... existing ... 
}

run();

@iRyusa
Copy link
Member Author

iRyusa commented Aug 3, 2024 via email

@AaronMoat
Copy link

AaronMoat commented Aug 19, 2024

Is there any other support that you might want to get this over the line from experimental to shipped @iRyusa? 😄

@Saku75 Saku75 mentioned this pull request Aug 20, 2024
Open
@iRyusa iRyusa linked an issue Oct 1, 2024 that may be closed by this pull request
High Severity Vulnerability in html-minifier #2589
Open
@iRyusa iRyusa force-pushed the fix/replace-html-minifier branch from 6dfc0d7 to e457883 Compare October 4, 2024 12:40
@iRyusa iRyusa changed the title [EXPERIMENTAL] Replace html-minifier and js-beautify MJML5.0 Replace html-minifier and js-beautify Oct 4, 2024
@iRyusa
Copy link
Member Author

iRyusa commented Oct 4, 2024

Alpha 6 might be the last alpha version. Then I'll push it to the "live".

@robkorv
Copy link

robkorv commented Oct 18, 2024

@iRyusa thank you for this change. It's going to be deployed to our production on Monday 🤞🏽

@iRyusa
Copy link
Member Author

iRyusa commented Oct 18, 2024

Feel free to reach me on slack if you find any issues 👍

@jwaterworth
Copy link

jwaterworth commented Nov 14, 2024

@robkorv How was your deployment? Anything we need to be aware of in using this release?

Thanks @iRyusa for making this available! 🙏

@robkorv
Copy link

robkorv commented Nov 18, 2024

@robkorv How was your deployment? Anything we need to be aware of in using this release?

Without any problems. About 415.358 mail build with "5.0.0-alpha.6" since the deploy. The only thing that is changed is that mjml2html is now asynchronous. Everything else is still the same.

I use mjml in a microservice build with hapi. I only needed this change in a hapi route to make it work.

@@ -1,37 +1,40 @@
 "use strict";
 
 const Boom = require("@hapi/boom");
 const Mjml = require("mjml");
 
 module.exports = [
   {
     method: ["get", "post"],
     path: "/mjml",
-    handler: (request, h) => {
+    handler: async (request, h) => {
       if (request.method === "post") {
         try {
-          const result = Mjml(request.payload.mjml, request.payload.options);
+          const result = await Mjml(
+            request.payload.mjml,
+            request.payload.options
+          );
 
           if (request.payload.return_html) {
             const formattedMessages = result.errors
               .filter((x) => x.formattedMessage)
               .map((x) => x.formattedMessage);
             if (formattedMessages.length) {
               request.logger.warn(formattedMessages.join("\n"));
             }
 
             return result.html;
           }
 
           return result;
         } catch (err) {
           const boom = new Boom.Boom(err.toString());
           boom.reformat(true);
           return boom;
         }
       } else {
         return "post mjml and I will return html";
       }
     },
   },
 ];

dazgreer and others added 20 commits January 8, 2026 12:50
@dazgreer
feature(template syntax): santization before PostCSS
70f4477 
- Added a santizeStyles option to account for templating syntax. Can use as either complete block or CSS values either in <mj-style> tag or style=“” attributes
- Added optional templateSyntax array of objects for multiple syntax types
- Created a shim for minifyCSS to minifyCss for CLI
@dazgreer
bugfix(cssnoano): added lite profile to dependencies
ed5271c 
- Added the cssnoano preset as users were being prompted to install it from 5.0.0-alpha.8
- ES Lint upgrade for better compitibility with Prettier
@dazgreer
feature(various): sanitization improvements
f3451dd 
- Removed spaces from restored values when using sanitizeStyles
- Added allowMixedSyntax to allow bost block and CSS propertiy/value pairs in the same document
- Added function to precheck for unbalanced delimeters before sanitizing
- Added unit tests
- Update docs
@totocap
Merge pull request #3029 from mjmlio/bugfix/cssnano-dependency
8434872 
bugfix(cssnano): added lite profile to dependencies
@dazgreer
feature(mj-body): moved body from skeleton
9dce6c7
@totocap
Merge pull request #3025 from mjmlio/bugfix/mjml5-mjml-browser-not-bu…
0c6f984 
…ilding

bugfix(mjml-browser): not building
@dazgreer @tcapet
chore(glob): replace with globSync
167c6d1 
- removed glob dependency
- replaced with native globSync
@totocap
Merge pull request #3028 from mjmlio/bugfix/sanitize-template-syntax
e3cc123 
feature(template syntax): santization before PostCSS
@dazgreer @tcapet
bugfix(ignoreIncludes): mjml5 security fix #3018
517b376 
- set ignoreIncludes to default to true
- setflag for CLI to set to true
- updated docs
- added unit tests

Fixes #3018
@totocap
Merge pull request #3026 from mjmlio/chore/replace-glob-with-globSync
b47ba37 
chore(glob): replace with globSync
@totocap
Merge pull request #3035 from mjmlio/feature/mjml5-move-body-tag-to-m…
e2418f2 
…j-body

feature(mj-body): moved body from skeleton
@totocap
Merge pull request #3033 from mjmlio/bugfix/3018-mjml5-ignoreIncludes…
09f618c 
…-defaults-to-false

bugfix(ignoreIncludes): mjml5 security fix #3018
@totocap
Revert "chore(glob): replace with globSync"
d2df934
@totocap
Merge pull request #3036 from mjmlio/revert-3026-chore/replace-glob-w…
47fd3d7 
…ith-globSync

Revert "chore(glob): replace with globSync"
@tcapet
chore(lerna): move to lerna v9
474166b 
- Move to lerna v9 to get OIDC capabilities.
- Force auth in NPM publish action.
@totocap
Merge pull request #3010 from mjmlio/chore/lerna-9
a71e718 
chore(lerna): move to lerna v9
@totocap
Revert "chore(lerna): move to lerna v9"
d73df4a
@totocap
Merge pull request #3037 from mjmlio/revert-3010-chore/lerna-9
636760d 
Revert "chore(lerna): move to lerna v9"
@tcapet
v5.0.0-alpha.9
a7434ec
@dazgreer
Merge branch 'master' into fix/replace-html-minifier
ab15801
thewilkybarkid added a commit to PREreview/prereview.org that referenced this pull request Jan 20, 2026
@thewilkybarkid
Create a smoke test for faster feedback that MJML is working
568923e 
I tried using v5.0.0-alpha.9, only to find some weird ESM-related problem (sigh). This was only noticable as the visual regression tests failed, so this change ensures it goes through Jest too.

Refs mjmlio/mjml#2858
@dazgreer
bugfix(mj-body): backgroud-color attributes
ac326b7
@dazgreer
chore(glob): bump to 10.5.0
2de534c 
- bumped due to security issues with current version
@robkorv
Copy link

robkorv commented Jan 20, 2026

I'm not getting the CssSyntaxError error I mentioned in #2858 (comment) with 5.0.0-alpha.9 🎉

@dazgreer
Copy link
Collaborator

dazgreer commented Jan 20, 2026

Hey folks, we've released alphas 9 and 10 on the experimental. Please use the latter, it includes

  • the addition of sanitizeStyles and templateSyntax options to sanitize template variables before PostCSS validation.
  • cssnano-preset-lite added to dependencies
  • a security update to ignoreIncludes, setting it to true by default [breaking change]
  • an updated mjml-browser package to build and work (uses html-minifier-terser instead of htmlnano, added globalObject)
  • moving of HTML body tag from skeleton to mj-body and added id attribute [breaking change]
  • bumping of glob dependency 10.5.0

Template syntax santization

If you're using e.g. {{variable}} you can now sanitize these which allows them to pass PostCSS validation by setting sanitizeStyles: true or you can bypass PostCSS completely by setting minifyOptions: { minifyCss: false } (HTML validation is stil performed in this case). Both of these require minifiy:true to be set.

The default template syntax types are {{variable}} and [[variable]]. If you want specify different template syntax, you can do that using this:

templateSyntax: [
	{ prefix: '<%=', suffix: '%>' },
	{ prefix: '#{', suffix: '}' },
]

The santization occurs inside both <style> tags and style="" attributes only. By default, the sanitization allows template variables as...

blocks, e.g.

<style>
{{variable}}
</style>

<a href="https://mjml.io" style="{{variable}}">MJML site</a>

CSS properties and/or values, e.g.

<style>
{{property}}: {{value}}
</style>

<a href="https://mjml.io" style="{{property}}: {{value}}">MJML site</a>

By default you can only have one or the other but you can optionally allow these to be mixed by setting allowMixedSyntax: true

Happy testing! Let us know if there are any issues

@robkorv
Copy link

robkorv commented Jan 21, 2026

  • cssnano-preset-lite added to dependencies

I don't see this reflected in the code-base. I only see cssnano-preset-default which is a dependency for cssnano.

5.0.0-alpha.9 made about 10.000 email on production yesterday. Today 5.0.0-alpha.10 is going to be deployed.
Thanks for all the work btw 🤗

@thewilkybarkid
Copy link

thewilkybarkid commented Jan 21, 2026
edited
Loading

As Prettier is now a dependency, any usage in Jest fails due to jestjs/jest#15816. 😩

Edit: I've been able to confirm everything works as expected in Jest if I comment out the require("prettier") in mjml-core.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dazgreer dazgreer dazgreer left review comments

+1 more reviewer

@thewilkybarkid thewilkybarkid thewilkybarkid left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@iRyusa iRyusa

Labels

MJML 5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Problem Compiling Font Names High Severity Vulnerability in html-minifier