* Escape HTML in strings provided as arguments for client-side localization.
* Used HTML sanitizer from dependency.
* Moved sanitization to controller.
* Fixed path to dependency.
* fix: move constants to their own respective files to avoid circular dependencies
* fix: import through import map
* fix: import `sanitizeHTML` from importmap
* chore: consts
* feat: add more ops/sec to `term` function
* fix: check specifically for `typeof 'undefined'` before determining if an arg is valid or not
in case where the sanitizer removes everything so the arg is just an empty string (`""`) we still want it to replace the token, i.e. with the empty string
* test: add tests to verify localization controller xss
* chore: try to improve ops/sec and readability of the `term` function
* test: add more tests for the sanitizer
* fix(dictionary workspace): rely on localization sanitization
* feat: adds new function to escape html entities
* fix: use `escapeHTML` to escape/encode only HTML entities
* test: update test to reflect correct escape
* test: add tests for sanitizeHTML and escapeHTML
* fix: update function to not escape all quotes as people may want to keep those
* chore: formatting
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Refactor .Children to use PublishStatusQuery
* Fix descendants
* Fix ancestors
* Fix siblings
* Handle empty string in published status service
* Fix unit test
* Fixes issue found in tests
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Tinymce inserts links using the a-tag, which is triggering our navigation because we cannot control tinymce's rendering. We can however control which links we trigger on the for the 'click' event by using `composedPath()` and ensuring that we are inside one of the block entry elements.
* prevent the block list editor from setting an empty value on startup
* prevent block grid from setting and initial empty block object value
* fix import
---------
Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com>
Co-authored-by: Niels Lyngsø <nsl@umbraco.dk>
* Add custom serializer
* Add migration to rebuild cache
* Rename migration namespace to 15.1
* Also clear media cache
* Remove failed cache items
* Refactor to only use keys for document cache repository
---------
Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
* fix: make sure we only target valid blocks
This is to say we should remove any invalid block elements to clean up the DOM. A block element is considered invalid if it does not have the `data-content-key` attribute.
* build(deps): bump tiptap from 2.10.2 to 2.10.3
this fixes a potential issue with link creations
* revert the 'leaf node specification'
---------
Co-authored-by: Niels Lyngsø <nsl@umbraco.dk>
* fix: do not add attributes or html elements to custom elements before they are created
Due to the way browsers treat custom elements, they are not allowed to add attributes and/or child elements upon creation. They must wait until the `connectedCallback`. That means any controller that wants to add elements should also wait until the host is connected (`hostConnected`).
* test: add generic tests for rte block elements
* chore: cleanup imports
* split observables so we don't request url when variantsOptions changes
* clean up events + debounce requests
* add loading state
* clear lookup before requesting new urls
* remove code duplication
* remove unused code
* allow value to be undefined
* dot not build model if we have no markup
* do update the layout value if we don't get any layouts
* reset internals if there are no value
* clear value if tiny mce doesn't have any markup
* clear value if tip tap doesn't have any markup
* add method to check if tip tap element is empty
* use method to check for empty tip tap
