WordPress.org
Get WordPress

Make WordPress Core

Opened 4 months ago

Closed 4 months ago

Last modified 4 months ago

#63917 closed defect (bug) (fixed)

Block attributes cannot end in "\"

Reported by: jonsurrell's profile jonsurrell Owned by: jonsurrell's profile jonsurrell
Milestone: 6.9 Priority: normal
Severity: normal Version: 5.3.1
Component: Editor Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

  • Create a new post /wp-admin/post-new.php.
  • Add a "More" block (/more).
  • Replace the default text with the backslash character: \.

Check the editor to reveal this serialized block:

<!-- wp:more {"customText":"\\u0022} -->
<!--more \-->
<!-- /wp:more -->

Notice the customText string is invalid, it's missing a closing " and does not represent the intended attribute value.

When the post is saved and loaded, the custom text (and any other attributes) are lost due to invalid JSON encoding.

This is a companion to the issue reported in GB#16508.

Change History (5)

This ticket was mentioned in PR #9558 on WordPress/wordpress-develop by @jonsurrell.
4 months ago #1

  • Keywords has-patch has-unit-tests added

Change the JSON encoding of block attributes to address problems with strings ending in the \ character.

The encoding is updated to replace the escaped \ character with its unicode escape \u005c. This simplifies the replacement of escaped " characters with its unicode escape \u0022. This addresses a bug where plain, syntactic JSON " characters following an escaped \ character were replaced, breaking the JSON syntax and causing block attributes to be ignored entirely.

This applies the same encoding as https://github.com/WordPress/gutenberg/issues/16508.

~This likely requires https://github.com/WordPress/wordpress-develop/pull/9559.~

See https://github.com/WordPress/gutenberg/pull/6619.

Trac ticket: https://core.trac.wordpress.org/ticket/63917

@westonruter commented on PR #9558:
4 months ago #2

Experimenting with using Gemini CLI to help with code reviewing. 

gh pr checkout https://github.com/WordPress/wordpress-develop/pull/9558;
git diff trunk... | gemini -m "gemini-2.5-pro" -p "Review these changes to WordPress core. Anything amiss?"

Output:

The changes look good. The switch from multiple preg_replace calls to a single strtr call in serialize_block_attributes is a nice performance improvement.

More importantly, the change to explicitly encode backslashes (\) as \u005c makes the serialization more robust and less ambiguous.

The updated and new tests in tests/phpunit/tests/blocks/serialize.php are thorough. I especially like the addition of test_older_serialization_is_compatible, which ensures that content with the old backslash escaping (\\) is correctly migrated to the new format (\u005c) upon re-serialization. This is great for backward compatibility.

Overall, this is a solid and well-tested improvement.

#3 @jonsurrell
4 months ago

The Gutenberg patch landed in commit 10453ab. That should address the issue from the Block Editor side for WordPress 6.9.

#4 @jonsurrell
4 months ago

  • Owner set to jonsurrell
  • Resolution set to fixed
  • Status changed from new to closed

In 60708:

Editor: Use Unicode escape encoding for "\" characters in block attributes.

Corrects an issue with block attribute encoding where JSON strings ending in the \ character would be misencoded and cause block attributes to be lost.

Client-side block serialization was updated with matching logic in https://github.com/WordPress/gutenberg/commit/10453ab3a4e665b8403a0cb466dba64689b4b491.

Developed in https://github.com/WordPress/wordpress-develop/pull/9558.

Props jonsurrell, westonruter, mamaduka, dmsnell, shailu25.
Fixes #63917.

#5 @jonsurrell
4 months ago

  • Version set to 5.3.1

I believe this was introduced in [46896] and WordPress 5.3.1.

Note: See TracTickets for help on using tickets.