From fdf3dbee9c84e81e498c1eb7c9455bacd13a11ab Mon Sep 17 00:00:00 2001 From: Sergei Maertens Date: Fri, 14 Jun 2024 15:07:24 +0200 Subject: [PATCH] :bug: [#4390] Fix URL conversion messing with templates The previous patch (183a08ed7db2fcdabfd16aa595452aee8223166f) fixed the reported behaviour by making all URLs fully qualified, instead of building relative URLs to the admin if the domain happens to be the same. However, we have some 'URLs' that are template variables and are substituted out by the backend, e.g. '{{ continue_url }}' which got mangled by this patch by taking the current location and using that as the root - the template fragment was being interpreted as a relative URL. This breaks those templates. This patch addresses both cases by just leaving URLs untouched and doing no conversion at all - relative URLs stay literally that (and if they're template fragments, our backend properly resolves them), while absolute URLs (to another form, for example) that are pasted in stay absolute. This leaves real relative URLs ambiguous, but such URLs don't make much sense in Open Forms anyway and we recommend users to always use fully qualified absolute URLs. Backport-of: #4391 --- src/openforms/conf/tinymce_config.json | 3 +- .../tests/e2e/test_tinymce_configuration.py | 66 +++++++++++++++++++ 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 src/openforms/tests/e2e/test_tinymce_configuration.py diff --git a/src/openforms/conf/tinymce_config.json b/src/openforms/conf/tinymce_config.json index 4759b6e4e3..2da8ddfbdb 100644 --- a/src/openforms/conf/tinymce_config.json +++ b/src/openforms/conf/tinymce_config.json @@ -10,6 +10,5 @@ "default_link_target": "_blank", "link_default_protocol": "https", "link_assume_external_targets": true, - "relative_urls": false, - "remove_script_host": false + "convert_urls": false } diff --git a/src/openforms/tests/e2e/test_tinymce_configuration.py b/src/openforms/tests/e2e/test_tinymce_configuration.py new file mode 100644 index 0000000000..39a49af5de --- /dev/null +++ b/src/openforms/tests/e2e/test_tinymce_configuration.py @@ -0,0 +1,66 @@ +from django.test import tag +from django.urls import reverse + +from asgiref.sync import sync_to_async +from furl import furl +from playwright.async_api import expect + +from openforms.config.models import GlobalConfiguration + +from .base import E2ETestCase, browser_page, create_superuser + + +class TinyMCEConfigurationTests(E2ETestCase): + + def setUp(self): + super().setUp() + + self.addCleanup(GlobalConfiguration.clear_cache) + + @tag("gh-4390") + async def test_link_handling(self): + """ + Test that hyperlinks in WYSIWYG content are handled appropriately. + + 1. Links with the same domain/prefix as where the admin is running must stay + absolute, and not be converted to relative paths. See #4368 for more + information. + 2. Link targets may be template variables, like ``{{ continue_ url }}``, these + may not be post-processed and get prefixed with the (current) location to + make them absolute. + """ + + @sync_to_async + def setUpTestData(): + config = GlobalConfiguration.get_solo() + config.save_form_email_content_en = f""" +

Go to form

+

Variable link

+ """ + config.save() + + await setUpTestData() + + admin_url = furl(self.live_server_url) / reverse( + "admin:config_globalconfiguration_change", args=(1,) + ) + + await create_superuser() + async with browser_page() as page: + await self._admin_login(page) + await page.goto(str(admin_url)) + + content_frame = page.frame_locator("#id_save_form_email_content_en_ifr") + await expect(content_frame.get_by_label("Rich Text Area.")).to_be_visible() + + absolute_link = content_frame.get_by_role("link", name="Go to form") + await expect(absolute_link).to_be_visible() + await expect(absolute_link).to_have_attribute( + "data-mce-href", f"{self.live_server_url}/some-form-slug/" + ) + + variable_link = content_frame.get_by_role("link", name="Variable link") + await expect(variable_link).to_be_visible() + await expect(variable_link).to_have_attribute( + "data-mce-href", "{{ some_variable }}" + )