From 42e943dc0e14620cb0b66b07ab98a85c904fedee Mon Sep 17 00:00:00 2001
From: Matt Sherman
Date: Mon, 19 Aug 2024 12:07:11 -0400
Subject: [PATCH] Decode HTML entities and strip HTML tags in product names for cart quantity change notifications (#50541)
* Decode cart item names
* Strip HTML tags from product name
---------
Co-authored-by: Seghir Nadir
---
 .../js/data/cart/notify-quantity-changes.ts | 16 +++++++++++-----
 ...ix-cart-notify-quantity-changes-html-entities | 4 ++++
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 plugins/woocommerce/changelog/fix-cart-notify-quantity-changes-html-entities
diff --git a/plugins/woocommerce-blocks/assets/js/data/cart/notify-quantity-changes.ts b/plugins/woocommerce-blocks/assets/js/data/cart/notify-quantity-changes.ts
index ad7faeea2fa..44910bf4bb8 100644
--- a/plugins/woocommerce-blocks/assets/js/data/cart/notify-quantity-changes.ts
+++ b/plugins/woocommerce-blocks/assets/js/data/cart/notify-quantity-changes.ts
@@ -3,7 +3,10 @@
 */
 import { Cart, CartItem } from '@woocommerce/types';
 import { dispatch, select } from '@wordpress/data';
+import { decodeEntities } from '@wordpress/html-entities';
 import { __, sprintf } from '@wordpress/i18n';
+// eslint-disable-next-line @wordpress/no-unsafe-wp-apis, @woocommerce/dependency-group
+import { __unstableStripHTML as stripHTML } from '@wordpress/dom';
 /**
 * Internal dependencies
@@ -25,6 +28,9 @@ const isWithinQuantityLimits = ( cartItem: CartItem ) => {
 );
 };
+const stripAndDecode = ( text: string ) => {
+ return stripHTML( decodeEntities( text ) );
+};
 const notifyIfQuantityLimitsChanged = ( oldCart: Cart, newCart: Cart ) => {
 newCart.items.forEach( ( cartItem ) => {
 const oldCartItem = oldCart.items.find( ( item ) => {
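Review bot: The `eslint-disable-next-line` above the `__unstableStripHTML` import in the first hunk silences `@wordpress/no-unsafe-wp-apis` without saying why, and the export it permits is now part of how product names are cleaned before display. An unstable export can change behaviour between package releases, so the reason for accepting it belongs next to the suppression, for example `// eslint-disable-next-line @wordpress/no-unsafe-wp-apis, @woocommerce/dependency-group -- <reason the unstable export is acceptable here>`. A unit test that pins the expected output for a name containing tags would also surface a silent upstream change.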
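Review bot: `stripAndDecode` in the second hunk has no doc comment or return type, and its contract is easy to misread: it returns plain text, not markup that is safe to insert as HTML. Because `decodeEntities` runs before `stripHTML`, a name whose angle brackets were entity-encoded as literal text (constructed example: `Size &lt;M&gt;`) is decoded into a tag and removed, and a doubly-encoded name can still come out containing `<` or `&` characters, assuming `stripHTML` returns the parsed text content. How the notice content is rendered is not visible in this diff, so it is worth confirming that the renderer treats the string as text. I would declare it as `const stripAndDecode = ( text: string ): string => {` and add a short comment stating that the result is untrusted plain text for display only.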
@@ -64,7 +70,7 @@ const notifyIfQuantityLimitsChanged = ( oldCart: Cart, newCart: Cart ) => {
 'The quantity of "%1$s" was changed to %2$d. You must purchase this product in groups of %3$d.',
 'woocommerce'
 ),
- cartItem.name,
+ stripAndDecode( cartItem.name ),
 // We round down to the nearest step value here. We need to do it this way because at this point we
 // don't know the next quantity. That only gets set once the HTML Input field applies its min/max
 // constraints.
@@ -91,7 +97,7 @@ const notifyIfQuantityLimitsChanged = ( oldCart: Cart, newCart: Cart ) => {
 'The quantity of "%1$s" was increased to %2$d. This is the minimum required quantity.',
 'woocommerce'
 ),
- cartItem.name,
+ stripAndDecode( cartItem.name ),
 cartItem.quantity_limits.minimum
 ),
 {
@@ -112,7 +118,7 @@ const notifyIfQuantityLimitsChanged = ( oldCart: Cart, newCart: Cart ) => {
 'The quantity of "%1$s" was decreased to %2$d. This is the maximum allowed quantity.',
 'woocommerce'
 ),
- cartItem.name,
+ stripAndDecode( cartItem.name ),
 cartItem.quantity_limits.maximum
 ),
 {
@@ -153,7 +159,7 @@ const notifyIfQuantityChanged = (
 'The quantity of "%1$s" was changed to %2$d.',
 'woocommerce'
 ),
- cartItem.name,
+ stripAndDecode( cartItem.name ),
 cartItem.quantity
 ),
 {
@@ -195,7 +201,7 @@ const notifyIfRemoved = (
 sprintf(
 /* translators: %s is the name of the item. */
 __( '"%s" was removed from your cart.', 'woocommerce' ),
- oldCartItem.name
+ stripAndDecode( oldCartItem.name )
 ),
 {
 context: 'wc/cart',
diff --git a/plugins/woocommerce/changelog/fix-cart-notify-quantity-changes-html-entities b/plugins/woocommerce/changelog/fix-cart-notify-quantity-changes-html-entities
new file mode 100644
index 00000000000..768e74c0de3
--- /dev/null
+++ b/plugins/woocommerce/changelog/fix-cart-notify-quantity-changes-html-entities
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Cart block: Strip HTML tags and decode HTML entities in quantity change notifications.
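Review bot: The five `sprintf` arguments changed from the `@@ -64,7 +70,7 @@` hunk through the `@@ -195,7 +201,7 @@` hunk each wrap the name by hand, and the diffstat lists no test file in this commit. A later notice that interpolates `cartItem.name` directly would bring the raw name back without anything failing. A test that runs `notifyIfQuantityLimitsChanged`, `notifyIfQuantityChanged` and `notifyIfRemoved` against an item whose name contains both an entity and a tag, and asserts on the resulting notice text, would pin the behaviour. All three functions start and end outside the hunks shown.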