Split GenericEmbedBlock into Generic, Video, and Form embed blocks#1114
Open
rchlfryn wants to merge 6 commits into
Open
Split GenericEmbedBlock into Generic, Video, and Form embed blocks#1114rchlfryn wants to merge 6 commits into
rchlfryn wants to merge 6 commits into
Conversation
Contributor
Migration Safety CheckFound 8 potential issues: 20260612_185209_split_generic_embed_blocks.ts Warning (line 14): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`home_pages\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 35): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`home_pages\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 57): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`_home_pages_v\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 79): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`_home_pages_v\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 100): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`pages\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 121): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`pages\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 143): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`_pages_v\`(\`id\`) ON UPDATE no action ON DELETE cascadeWarning (line 165): DELETE keyword detected - review for data loss FOREIGN KEY (\`_parent_id\`) REFERENCES \`_pages_v\`(\`id\`) ON UPDATE no action ON DELETE cascadeReview these patterns and add backup/restore logic if needed. See |
Generates 20260612_185209_split_generic_embed_blocks: additively creates the form_embed and video_embed block tables (and their version tables) for the pages and home_pages collections, and registers the migration in the index. No existing tables are altered or dropped. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Rounds out the rich-text seed page so all three embed block types (generic, video, form) appear in both the all-blocks and lexical-blocks seed pages. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
rchlfryn
force-pushed
the
feat/split-generic-embed-blocks
branch
from
2bc5bd8 to
8c004fd
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Splits the catch-all
GenericEmbedBlockinto three purpose-built embed blocks, each with an explicit, self-contained security policy. PreviouslyGenericEmbedBlockhad accumulated provider-specific concessions (DonorBox'sdbox-widgettag, YouTube-specific render branching), which eroded the sandboxing boundary that made the block "generic" in the first place.The three blocks now share a single sandboxed renderer (
EmbedFrame) but each supplies its own DOMPurify allow-list and iframesandboxpolicy:<iframe>embeds. Scripts are never executed in this block.dbox-widgettag,allowpaymentrequestand friends).Related Issues
Fixes #977
Key Changes
EmbedFrameshared renderer (src/components/EmbedFrame/) with per-blockaddTags/addAttr/sandboxpolicy, plusBASE_ADD_ATTRshared attributes inpolicies.ts.VideoEmbedandFormEmbed(config.ts+Component.tsx), refactoredGenericEmbedto drop special-case logic.Footer.tsxnow renders embedded footer forms viaFormEmbedBlockComponent.form-embed.ts,video-embed.ts,generic-embed.ts) and added to the all-blocks and lexical-blocks seed pages.*_blocks_form_embedand*_blocks_video_embedtables forpagesandhome_pages(and their_vversion tables).How to test
pnpm seedpnpm dev, open the seeded "All Blocks" and "Blocks Embedded in Rich Text" pages — each shows Generic / Video / Form embeds rendering in a sandboxed iframe.Migration Explanation
20260612_185209_split_generic_embed_blocksis purely additive — itCREATEs the new form/video block tables forpagesandhome_pagesplus their version tables. No existing tables (includinggeneric_embed) are altered or dropped, so existing content is untouched. Themigrate:checkwarnings are false positives flaggingON DELETE cascadein foreign-key definitions. Lexical/rich-text embeds store their data as JSON in existingrichTextcolumns and need no schema change.