Skip to content

[Autocomplete] Escape querySelector dynamic selector with CSS.escape() #2663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 21, 2025
Merged

[Autocomplete] Escape querySelector dynamic selector with CSS.escape() #2663

merged 1 commit into from
Apr 21, 2025
+6 −2

Conversation

Bartheyrman22
Copy link
Contributor

@Bartheyrman22 Bartheyrman22 commented Mar 28, 2025
edited
Loading

Properly escape the querySelector for option-values like "["Test"]"/
This to mitigate:

SyntaxError: Element.querySelector: ':scope > option[value="["foo"]"]' is not a valid selector
Q A
Bug fix? yes
New feature? no
Issues
License MIT

Some remark where I don't have a solution for:
The issue is only reproduceable on Chrome.
In Firefox, the code in the controller.js is not executed properly. So the error get's never triggered.
But no side effects detected so far.

@carsonbot carsonbot added Autocomplete Bug Bug Fix Status: Needs Review Needs to be reviewed labels Mar 28, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 28, 2025
edited
Loading

📊 Packages dist files size difference

Thanks for the PR! Here is the difference in size of the packages dist files between the base branch and the PR.
Please review the changes and make sure they are expected.

FileBefore (Size / Gzip)After (Size / Gzip)
Autocomplete
controller.js 16.68 kB / 3.96 kB 16.7 kB0% / 3.96 kB0%

@Bartheyrman22
Copy link
Contributor Author

Should I worry about the 3 failed checks?
Thanks in advance!

smnandre
smnandre reviewed Mar 30, 2025
View reviewed changes
src/Autocomplete/assets/src/controller.ts Outdated
@@ -325,6 +325,10 @@ export default class extends Controller {
return string.replace(/(<([^>]+)>)/gi, '');
}

#addSlashes(string: string): string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recently learned the existence of CSS.escape() Would it not be better than a custom implementation here ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CSS.escape escapes more then strictly necessary but the solution you suggest is cleaner indeed.

smnandre
smnandre reviewed Mar 30, 2025
View reviewed changes
src/Autocomplete/assets/src/controller.ts Outdated
@@ -192,7 +192,7 @@ export default class extends Controller {
for (const [, tomSelectOption] of Object.entries(this.tomSelect.options)) {
if (tomSelectOption.$order === optionOrder) {
orderedOption = parentElement.querySelector(
`:scope > option[value="${tomSelectOption[this.tomSelect.settings.valueField]}"]`
`:scope > option[value="${[this.#addSlashes(this.tomSelect.settings.valueField)]}"]`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure here ? What is the goal of providing an array ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll check

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the array again.

@smnandre
Copy link
Member

In Firefox, the code in the controller.js is not executed properly.

Hello @Bartheyrman22 ... do you have a simple reproducer we can test to see what happens here ?

@Bartheyrman22
Copy link
Contributor Author

In Firefox, the code in the controller.js is not executed properly.

Hello @Bartheyrman22 ... do you have a simple reproducer we can test to see what happens here ?

I believe it is visible as soon as you debug in Firefox-debugger.
But I can try making a reproducer, is there a template to start from?

@smnandre
Copy link
Member

You can start from the template i started ... it's not much more than a fresh install of symfony webapp + CSS .. but it's already a starting point :)

You'll still need to install ux-autocomplete and add a new form to show the problem

(probably composer update to start 😅 )

https://github.com/smnandre/ux-reproducer

@smnandre
Copy link
Member

Should I worry about the 3 failed checks? Thanks in advance!

I don't think so... Twig/Live are 🔴 for another reason... and I just opened a PR to fix the JS files false-positive :)

@Kocal Kocal mentioned this pull request Apr 11, 2025
Merged
@Kocal Kocal changed the title [Autocomplete] Escape querySelector option value [Autocomplete] Escape querySelector dynamic selector with CSS.escape() Apr 21, 2025
@carsonbot carsonbot added Status: Reviewed Has been reviewed by a maintainer and removed Status: Needs Review Needs to be reviewed labels Apr 21, 2025
@Kocal
Copy link
Member

Kocal commented Apr 21, 2025

Thank you @Bartheyrman22.

@Kocal Kocal merged commit 61819ae into symfony:2.x Apr 21, 2025
81 of 83 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smnandre smnandre

@Kocal Kocal

Assignees
No one assigned
Labels
Autocomplete Bug Bug Fix Status: Reviewed Has been reviewed by a maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Bartheyrman22 @smnandre @Kocal @carsonbot