Upgraded TinyMCE to 6.7.0 #3220
Conversation
github-actions
bot
added
Component: Adminhtml
|
I know that some parts of OM are old and not updated, but they work. However, if it can be replaced with the latest version in next branch, I will approve it after intensive testing. Please note over 1k issues reported in TinyMCE repository. Here we didn't really face any reports related to this editor. |
|
@colinmollenhour knows why this PR is here, let's just say that outdates software may bring some side effects. |
|
Let's make a visual comparison between what exists now in OpenMage and the proposed version. Even if the current one looks old, by far it has all the intuitive features for an editor. I tried to create a list just pressing a button in version 6 and I didn't succeed. It is probably hidden somewhere but does not appear in the menus.
|
|
It’s not worth testing it now, it’s extremely far from being usable |
|
The browser console must be followed. I get errors as soon as I open the editor. If I enter html tags when I press the hide/show button, the editor no longer retains the changes, errors appear in the console. |
|
for me, it's perfect. I'm already using it with several clients, and they're really satisfied about it |
|
A test suite would be great (and Cypress is an excellent choice) but to me that's a new feature so I think it should not become a blocker for this task. My only stipulations would be that if there is a test suite it must run automated via Github Actions and be easy to setup and run locally. @pquerner I propose you create a new branch based on the one in this PR and add the Cypress test suite there and if it is done before this branch is ready to merge, great, they can both be merged together. However, if it is not ready in time, no problem, it can be merged later. It appears TinyMCE doesn't really have their own test suite, but still I think just making sure the basic functionality (turn WYSIWYG off/on) and the OM add-ons (images, variables, widgets) work as expected would be sufficient. If there are changes between TinyMCE 3 and 6 for normal content they will probably not become apparent until it gets broader use and not every difference will indicate there is a regression as we may decide the new behavior is preferred anyway. So is PHPStan the only blocker now for merging (edit: aside from approval reviews of course)? |
|
@colinmollenhour If I'm not mistaken it's a PHPStan bug with PHP 8.1, nothing to so with this PR, the whole |
|
Attempting to fix PHPStan with #3498 |
|
all green checks again ;-) |
|
It is a bit frustrating not to get a single review for such a big effort mostly @empiricompany put into this. we prefer keeping a >10 years old component with a published vulnerability instead of this. |
yes we should merge it ASAP this PR is perfect, i have dedicated a lot of time to it and also fixed all minor things .. |
|
I've started the cypress tests here btw: https://github.com/pquerner/openmage_cypress_tests I think I write a few tests for widget and magento-only functionality and that should be it. Why its own repo? |
|
@kiatng @elidrissidev @addison74 @Flyingmana @tmotyl sorry to bother you but we would need to get some review on this PR. notes:
|
|
I will need maybe 2 days to fully review the changes. An advise. If something is of importance for security, keep the amount of changed lines and files low |
|
I've been testing it in production for about 2 weeks and I haven't identified any problems. I haven't approved it yet because I have about 5% left to be fully convinced. I also received quite useful feedback. There is room for other changes, but they can be made in time and in separate PRs. In general, these changes are TinyMCE features for which the API must be read in full. |
|
These files still use the
|
| @@ -112,7 +112,7 @@ var Variables = { | |||
| } | |||
| }; | |||
|
|
|||
| MagentovariablePlugin = { | |||
| OpenmagevariablePlugin = { | |||
There was a problem hiding this comment.
was it necessary to mix a renaming with a security related update?
There was a problem hiding this comment.
actually the naming changes were done to make it easier to find something like what you highlight in #3220 (comment) actually I'll check them out right now, thank you for noticing!!!
| @@ -34,10 +34,11 @@ public function indexAction() | |||
| { | |||
| // save extra params for widgets insertion form | |||
| $skipped = $this->getRequest()->getParam('skip_widgets'); | |||
| $skipped = Mage::getSingleton('widget/widget_config')->decodeWidgetsFromQuery($skipped); | |||
| if (is_string($skipped)) { | |||
There was a problem hiding this comment.
for type safety you should put $skipped as an empty array for the else case.
There was a problem hiding this comment.
in order not to drag this PR any longer I'd address it in a separate PR ASAP :-)
| } else { | ||
| return null; | ||
| } | ||
| getMediaBrowserCallback: function() { |
There was a problem hiding this comment.
Why did we change method names of our own class here? isnt this a BC Break?
There was a problem hiding this comment.
well initially my idea was to have it in the next branch because, since all tinymce's variables/objects have different names between v3 and v6... everything is BC so having better names for our method didn't make any change.
later it was sad to have it into main which changes things a bit but at the end of the day, all of tinymce's scripts are still incompatible so... also if we don't change our naming... we don't get much compatibility anyway.
what do you think?
| }, | ||
|
|
||
|
|
||
| getSettings: function (mode) { |
There was a problem hiding this comment.
We can do this later in a separate PR
|
None of the things I commented I would count as blocking because of the security relevance, but maybe we should look again at them and if needed fix them later then |
|
is it ok if I merge and port to |
|
I looked over this PR this weekend too. There are still changes to be made, but they are not a priority because all are related to with UI/UX. The editor is functional and ready for production. Could we extract the version we are replacing in a repository? If someone is not happy with this new version and wants the previous one, he can replace it on his own responsibility. I agree with porting to the main branch and we continue the work from there. All future PRs will go to next too. |
|
@addison74 create something like an extension to return to tinymce v3 is complex because it's like 500 files, with phtml in many different places, I'm sorry but I really wouldn't do that, it's too much work and I can't dedicate that time. anybody could do it if somebody feels the need for that, although highly un-suggested because of the security implications. |
|
oki guys it's time, I'll merge and port to |
Co-authored-by: Tony <[email protected]> Co-authored-by: Tony <[email protected]>
|
Nice work, @fballiano! Also thanks for everyone else's testing and feedback! |
the WYSIWYG editor shipped with OM is TinyMCE 3.something, it is extremely old and outdated and has at least one known vulnerability.
example:
what works (everything):
note: