Editor: Use Unicode escape encoding for "\" characters in block attributes.

Corrects an issue with block attribute encoding where JSON strings ending in the `\` character would be misencoded and cause block attributes to be lost.

Client-side block serialization was updated with matching logic in WordPress/gutenberg@10453ab.

Developed in #9558.

Props jonsurrell, westonruter, mamaduka, dmsnell, shailu25.
Fixes #63917.


git-svn-id: https://develop.svn.wordpress.org/trunk@60708 602fd350-edb4-49c9-b593-d223f7449a82

Author: sirreal

src/wp-includes/blocks.php

@@ -1612,14 +1612,18 @@ function make_after_block_visitor( $hooked_blocks, $context, $callback = 'insert
  */
 function serialize_block_attributes( $block_attributes ) {
 	$encoded_attributes = wp_json_encode( $block_attributes, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE );
-	$encoded_attributes = preg_replace( '/--/', '\\u002d\\u002d', $encoded_attributes );
-	$encoded_attributes = preg_replace( '/</', '\\u003c', $encoded_attributes );
-	$encoded_attributes = preg_replace( '/>/', '\\u003e', $encoded_attributes );
-	$encoded_attributes = preg_replace( '/&/', '\\u0026', $encoded_attributes );
-	// Regex: /\\"/
-	$encoded_attributes = preg_replace( '/\\\\"/', '\\u0022', $encoded_attributes );
-
-	return $encoded_attributes;
+
+	return strtr(
+		$encoded_attributes,
+		array(
+			'\\\\' => '\\u005c',
+			'--'   => '\\u002d\\u002d',
+			'<'    => '\\u003c',
+			'>'    => '\\u003e',
+			'&'    => '\\u0026',
+			'\\"'  => '\\u0022',
+		)
+	);
 }
 
 /**

tests/phpunit/tests/blocks/serialize.php

@@ -10,11 +10,37 @@
  * @group blocks
  */
 class Tests_Blocks_Serialize extends WP_UnitTestCase {
+	/**
+	 * Ensure there are no issues with special character encoding.
+	 *
+	 * @ticket 63917
+	 */
+	public function test_attribute_encoding() {
+		$block = array(
+			'blockName'    => 'test',
+			'attrs'        => array(
+				'lt'         => '<',
+				'gt'         => '>',
+				'amp'        => '&',
+				'bs'         => '\\',
+				'quot'       => '"',
+				'bs-bs-quot' => '\\\\"',
+			),
+			'innerBlocks'  => array(),
+			'innerHTML'    => '',
+			'innerContent' => array(),
+		);
+
+		$expected = '<!-- wp:test {"lt":"\\u003c","gt":"\\u003e","amp":"\\u0026","bs":"\\u005c","quot":"\\u0022","bs-bs-quot":"\\u005c\\u005c\\u0022"} /-->';
+		$this->assertSame( $expected, serialize_block( $block ) );
+	}
 
 	/**
 	 * @dataProvider data_serialize_identity_from_parsed
 	 *
 	 * @param string $original Original block markup.
+	 *
+	 * @ticket 63917
 	 */
 	public function test_serialize_identity_from_parsed( $original ) {
 		$blocks = parse_blocks( $original );
@@ -24,28 +50,72 @@ public function test_serialize_identity_from_parsed( $original ) {
 		$this->assertSame( $original, $actual );
 	}
 
-	public function data_serialize_identity_from_parsed() {
+	public static function data_serialize_identity_from_parsed(): array {
 		return array(
-			// Void block.
-			array( '<!-- wp:void /-->' ),
+			'Void block'                                  =>
+				array( '<!-- wp:void /-->' ),
+
+			'Freeform content ($block_name = null)'       =>
+				array( 'Example.' ),
 
-			// Freeform content ($block_name = null).
-			array( 'Example.' ),
+			'Block with content'                          =>
+				array( '<!-- wp:content -->Example.<!-- /wp:content -->' ),
 
-			// Block with content.
-			array( '<!-- wp:content -->Example.<!-- /wp:content -->' ),
+			'Block with attributes'                       =>
+				array( '<!-- wp:attributes {"key":"value"} /-->' ),
 
-			// Block with attributes.
-			array( '<!-- wp:attributes {"key":"value"} /-->' ),
+			'Block with inner blocks'                     =>
+				array( "<!-- wp:outer --><!-- wp:inner {\"key\":\"value\"} -->Example.<!-- /wp:inner -->\n\nExample.\n\n<!-- wp:void /--><!-- /wp:outer -->" ),
 
-			// Block with inner blocks.
-			array( "<!-- wp:outer --><!-- wp:inner {\"key\":\"value\"} -->Example.<!-- /wp:inner -->\n\nExample.\n\n<!-- wp:void /--><!-- /wp:outer -->" ),
+			'Block with attribute values that may conflict with HTML comment' =>
+				array( '<!-- wp:attributes {"key":"\\u002d\\u002d\\u003c\\u003e\\u0026\\u0022"} /-->' ),
 
-			// Block with attribute values that may conflict with HTML comment.
-			array( '<!-- wp:attributes {"key":"\\u002d\\u002d\\u003c\\u003e\\u0026\\u0022"} /-->' ),
+			'Block with attribute values that should not be escaped' =>
+				array( '<!-- wp:attributes {"key":"€1.00 / 3 for €2.00"} /-->' ),
 
-			// Block with attribute values that should not be escaped.
-			array( '<!-- wp:attributes {"key":"€1.00 / 3 for €2.00"} /-->' ),
+			'Backslashes in attributes, Gutenberg #16508' =>
+				array( '<!-- wp:attributes {"bs":"\\u005c","bsQuote":"\\u005c\\u0022","bsQuoteBs":"\\u005c\\u0022\\u005c"} /-->' ),
+
+			'Tricky backslashes'                          =>
+				array( '<!-- wp:attributes {"bsbsQbsbsbsQ":"\\u005c\\u005c\\u0022\\u005c\\u005c\\u005c\\u005c\\u0022"} /-->' ),
+		);
+	}
+
+	/**
+	 * The serialization was adjusted to use unicode escapes sequences for escaped `\` and `"`
+	 * characters inside JSON strings.
+	 *
+	 * Ensure that the previous escape form can be parsed compatibly and serialized back to
+	 * the new form.
+	 *
+	 * @see https://github.com/WordPress/wordpress-develop/pull/9558
+	 * @see https://github.com/WordPress/gutenberg/pull/71291
+	 *
+	 * @ticket 63917
+	 *
+	 * @dataProvider data_serialize_compatible_forms
+	 *
+	 * @param string $before Previous serialization form.
+	 * @param string $after  New serialization form.
+	 */
+	public function test_older_serialization_is_compatible( string $before, string $after ) {
+		$this->assertNotSame( $before, $after, 'The same serialization should not be provided for before and after.' );
+		$blocks = parse_blocks( $before );
+		$actual = serialize_blocks( $blocks );
+		$this->assertSame( $after, $actual );
+	}
+
+	public static function data_serialize_compatible_forms(): array {
+		return array(
+			'Special characters' => array(
+				'<!-- wp:attributes {"lt":"\\u003c","gt":"\\u003e","amp":"\\u0026","bs":"\\\\","quot":"\\u0022"} /-->',
+				'<!-- wp:attributes {"lt":"\\u003c","gt":"\\u003e","amp":"\\u0026","bs":"\\u005c","quot":"\\u0022"} /-->',
+			),
+
+			'Backslashes'        => array(
+				'<!-- wp:attributes {"bs":"\\\\","bsQuote":"\\\\\\u0022","bsQuoteBs":"\\\\\\u0022\\\\"} /-->',
+				'<!-- wp:attributes {"bs":"\\u005c","bsQuote":"\\u005c\\u0022","bsQuoteBs":"\\u005c\\u0022\\u005c"} /-->',
+			),
 		);
 	}