Looks like this is the last release blocker for Mautic 4:
mautic:features ← dennisameling:grapesjs-head-scripts-in-db-fix
opened 07:35PM - 23 Aug 21 UTC
| Q | A
| --------------------------------… ------ | ---
| Branch? | features
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| BC breaks? | no
| Automated tests included? | N/A
| Related user documentation PR URL | N/A
| Related developer documentation PR URL | N/A
| Issue(s) addressed | Fixes #9998
<!--
Additionally (see https://contribute.mautic.org/contributing-to-mautic/developer/code/pull-requests#step-5-work-on-your-pull-request):
- Always add tests and ensure they pass.
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against the "features" branch.
-->
<!--
Please write a short README for your feature/bugfix. This will help people understand your PR and what it aims to do.
-->
#### Description:
As described in https://github.com/mautic/mautic/issues/9998#issuecomment-898915035, the reported issue is caused by JS and CSS tags having the `data-source="mautic"` attribute, which normally shouldn't be persisted to the database.
Before this change, HTML head JS/CSS tags with `data-source="mautic"` would incorrectly end up in the database:
After this change, HTML head JS/CSS tags don't end up in the database anymore, except the ones that are explicitly defined in the theme (`/nonexistent.js` in this case):
For the actual fix, please refer to https://github.com/mautic/grapesjs-preset-mautic/pull/20.
<!--
If you are fixing a bug and if there is no linked issue already, please provide steps to reproduce the issue here.
-->
#### Reproducing the bug:
1. Checkout the latest `features` branch
2. Update `themes/blank/html/base.html.twig` by adding `<script src="/nonexistent.js"></script>` somewhere in between the `<head></head>` tags (just before the closing `</head>` tag would be a good place
3. Open Mautic in developer mode: `https://mautic.ddev.site/index_dev.php`
4. Go to Components > Landing pages and create a new landing page.
5. Launch and close the builder, then save the landing page with a name you like
6. Go to https://mautic.ddev.site:8037/ in your browser, this opens phpMyAdmin. Find the `pages` table and click "edit" next to the page you just created
7. Find the `custom_html` column. See that all tags with the `data-source="mautic"` attribute are still there (see the first screenshot above)
#### Steps to test this PR:
1. Load up [this PR](https://mautibox.com)
2. Repeat the steps above
3. Note that all tags with `data-source="mautic"` have correctly been stripped out before the page was persisted to the database (see the second screenshot above). Your custom `/nonexistent.js` from the theme should still be there.
<!--
If you have any deprecations, list them here along with the new alternative.
If you have any backwards compatibility breaks, list them here.
-->
**Important note when merging this PR**
This PR was created just so that end-users can test the fix that we created in https://github.com/mautic/grapesjs-preset-mautic/pull/20. The order of merging should be:
1. Merge https://github.com/mautic/grapesjs-preset-mautic/pull/20
2. Update the referenced Git commit by doing `cd plugins/GrapesJsBuilderBundle && npm update grapesjs-preset-mautic`
3. Run `npm run build` to generate the new dist files
4. Merge this PR
Hi folks!
Just to give an update, we have a couple of small details we need to update on our security advisories which will be published when we release, and then we are good to go.
As we don’t want to make a release which includes security fixes on a weekend, we will be aiming for early next week to launch the Mautic 4 General Availability (and there will also be a 3.3.4 release with some security fixes as well, at the same time).
Appreciate everyone is excited to get it out, but we don’t want to be putting folks at risk by announcing security vulnerabilities over a weekend.
We’re nearly there folks!
3 Likes
Thanks for all the support and patience folks!
4.0.0 is now released: Mautic 4: Standing Tall
3.3.4 is also released which contains back-ported security fixes. Please update to one or the other, at your earliest convenience
3 Likes
