diff --git a/packages/block-editor/src/components/off-canvas-editor/appender.js b/packages/block-editor/src/components/off-canvas-editor/appender.js index b19093543c508c..646700143cf511 100644 --- a/packages/block-editor/src/components/off-canvas-editor/appender.js +++ b/packages/block-editor/src/components/off-canvas-editor/appender.js @@ -52,20 +52,10 @@ export const Appender = forwardRef( ( props, ref ) => { let maybeLinkUI; if ( insertedBlock ) { - const link = { - url: insertedBlockAttributes.url, - opensInNewTab: insertedBlockAttributes.opensInNewTab, - title: insertedBlockAttributes.label, - }; maybeLinkUI = ( setInsertedBlock( null ) } hasCreateSuggestion={ false } onChange={ ( updatedValue ) => { diff --git a/packages/block-editor/src/components/off-canvas-editor/link-ui.js b/packages/block-editor/src/components/off-canvas-editor/link-ui.js index ee86bc4d6c8312..eb19eaf9ebf4bb 100644 --- a/packages/block-editor/src/components/off-canvas-editor/link-ui.js +++ b/packages/block-editor/src/components/off-canvas-editor/link-ui.js @@ -123,6 +123,12 @@ function LinkControlTransforms( { clientId } ) { } export function LinkUI( props ) { + const link = { + url: props.link.url, + opensInNewTab: props.link.opensInNewTab, + title: props.link.label, + }; + return ( ( - }; - const { replaceBlock, __unstableMarkNextChangeAsNotPersistent } = useDispatch( blockEditorStore ); const [ isLinkOpen, setIsLinkOpen ] = useState( false ); @@ -656,8 +624,7 @@ export default function NavigationLinkEdit( { setIsLinkOpen( false ) } anchor={ popoverAnchor } hasCreateSuggestion={ userCanCreate } diff --git a/packages/block-library/src/navigation-link/link-ui.js b/packages/block-library/src/navigation-link/link-ui.js index ab8a721b30de1c..ff698985660746 100644 --- a/packages/block-library/src/navigation-link/link-ui.js +++ b/packages/block-library/src/navigation-link/link-ui.js @@ -116,11 +116,27 @@ function LinkControlTransforms( { clientId } ) { ); } +/** + * Removes HTML from a given string. + * Note the does not provide XSS protection or otherwise attempt + * to filter strings with malicious intent. + * + * See also: https://github.com/WordPress/gutenberg/pull/35539 + * + * @param {string} html the string from which HTML should be removed. + * @return {string} the "cleaned" string. + */ +function navStripHTML( html ) { + const doc = document.implementation.createHTMLDocument( '' ); + doc.body.innerHTML = html; + return doc.body.textContent || ''; +} + export function LinkUI( props ) { const { saveEntityRecord } = useDispatch( coreStore ); async function handleCreate( pageTitle ) { - const postType = props.linkAttributes.type || 'page'; + const postType = props.link.type || 'page'; const page = await saveEntityRecord( 'postType', postType, { title: pageTitle, @@ -146,6 +162,12 @@ export function LinkUI( props ) { }; } + const link = { + url: props.link.url, + opensInNewTab: props.link.opensInNewTab, + title: props.link.label && navStripHTML( props.link.label ), + }; + return ( { let format; - if ( props.linkAttributes.type === 'post' ) { + if ( props.link.type === 'post' ) { /* translators: %s: search term. */ format = __( 'Create draft post: %s' ); } else { @@ -179,16 +201,16 @@ export function LinkUI( props ) { } ); } } - noDirectEntry={ !! props.linkAttributes.type } - noURLSuggestion={ !! props.linkAttributes.type } + noDirectEntry={ !! props.link.type } + noURLSuggestion={ !! props.link.type } suggestionsQuery={ getSuggestionsQuery( - props.linkAttributes.type, - props.linkAttributes.kind + props.link.type, + props.link.kind ) } onChange={ props.onChange } onRemove={ props.onRemove } renderControlBottom={ - ! props.linkAttributes.url + ! props.link.url ? () => (