[MAGNOLIA-8536] Entering invalid characters in jcrName throws exception Created: 08/Jun/22  Updated: 08/Sep/22  Resolved: 05/Sep/22

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.19
Fix Version/s: 6.3.0, 6.2.24

Type: Bug Priority: Major
Reporter: Markus Jeni Assignee: Adam Siska
Resolution: Fixed Votes: 1
Labels: VN-Analysis
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 1d 2.5h Time Spent: 1d 2.5h
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: PNG File Screenshot 2022-06-08 022730.png     PNG File Screenshot 2022-06-08 022858.png     PNG File image-2022-08-19-09-34-42-776.png    
Issue Links:
Problem/Incident
duplicate
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MAGNOLIA-8537 Provide PR Sub-task Completed Adam Siska  
MAGNOLIA-8538 Code review Sub-task Completed Roman Kovařík  
MAGNOLIA-8539 Preint QA Sub-task Completed Roman Kovařík  
MAGNOLIA-8540 QA Sub-task Closed Antonín Juran  
MAGNOLIA-8541 Backport to 6.2 Sub-task Completed Adam Siska  
MAGNOLIA-8545 Integrate Sub-task Completed Adam Siska  
Template:
Acceptance criteria:
[ ]* do not allow (JCR) special characters
[ ]  show validation error if name is invalid
[ ]* no exceptions on invalid values
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Date of First Response:
Epic Link: Maintenance of vaadin8 framework
Sprint: Nucleus 18
Story Points: 2
Team: Nucleus

 Description   

Entering special JCR internal characters in jcrName fields throws exception. This bug affects all apps and all node types. It can happen in every dialog/app where a jcrName field is included.

Steps to reproduce

  1. open pages app
  2. create a new page
  3. enter name beginning with "{}" or name containing "|" (pipe)
  4. leave the field or click next

Result

  • Exceptions are thrown (2 different ones for {} and |)

This is just one way. All the same with assets, on folders, creating items, renaming items,...

Expected behaviour

  • value of jcrName field is checked for invalid inputs
  • should not throw an exception
  • display a validation error
  • display a hint which characters are allowed

 

I propose to disallow any [] {} | : in JCR names because the can have a special meaning in some cases.

Dev note

having UTF8 support enabled is necessary to reproduce the issue



 Comments   
Comment by Markus Jeni [ 08/Jul/22 ]

Examples for real page names editors could enter that lead to the exception:

  • The Logical operators | and &
  • Dog | Cat | Fish
Comment by Quach Hao Thien [ 18/Jul/22 ]

Discovery:

  • NodeNameValidator is created via info.magnolia.ui.editor.validator.NodeNameFieldValidatorFactory#createValidator
  • info.magnolia.jcr.util.NodeNameHelper#getValidatedName(java.lang.String) is responsible for transform any invalid character (declared in info.magnolia.jcr.util.NodeNameHelper#isCharValid) to '-'
  • There is no validation message for invalid characters, since they're all been transformed
  • There is no hint for valid/allowed character

Possible solution: 

  • Add more invalid character '{ } |' to the check list (info.magnolia.jcr.util.NodeNameHelper#isCharValid)
  • Using description property to defined hint to input node name, worth to defined a new field for NodeName, e.g. JcrNodeNameFieldDefinition

REFs:

_1. https://docs.magnolia-cms.com/product-docs/6.2/Authoring/Managing-pages.html#_character_restrictions_

_2. https://developer.adobe.com/experience-manager/reference-materials/spec/jcr/2.0/3_Repository_Model.html#3.2.4%20Naming%20Restrictions_

Comment by Dominik Maslanka [ 26/Jul/22 ]

mjeni ccantalapiedra 

we will split this ticket into two parts (two tickets) 
as Markus suggested to disallow any [] {} | : in JCR names we 

1. Add more invalid character '{ } |' to the check list (info.magnolia.jcr.util.NodeNameHelper#isCharValid) solve in this ticket MGNLUI-7216

2. In the future we will display a more clear message to the user to prevent using such characters:   MGNLUI-7384

Comment by Roman Kovařík [ 27/Jul/22 ]

Workaround:

Configure pattern for nodeNameValidator.

https://demo.magnolia-cms.com/.magnolia/admincentral#app:resources:edit;/pages-app/dialogs/createPage.yaml:edit

https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/Field-validators.html#_validator_properties

Comment by Markus Jeni [ 19/Aug/22 ]

Workaround does not work. See demoauthor:

Comment by Roman Kovařík [ 19/Aug/22 ]

Hey mjeni,
sorry I've missed your comment.
What's your config?

     validators: 
        - $type: nodeNameValidator
          mode: ADD
          pattern: "[a-zA-Z0-9]*"
          errorMessage: "Only [a-zA-Z0-9] allowed"

Roman

Comment by Markus Jeni [ 19/Aug/22 ]

We are using this config now as a workaround because your pattern is too strict (we have some pages with UTF-8 names):

pattern: "[^{}|]*"
errorMessage: "Characters { } | are not allowed" 
Generated at Mon Feb 12 04:33:35 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.