Skip to content

fix(ui): remove @toast-ui/react-editor dependency and migrate to BlockEditor#26887

Open
harsh-vador wants to merge 18 commits intomainfrom
remove-richtexteditor-previewer
Open

fix(ui): remove @toast-ui/react-editor dependency and migrate to BlockEditor#26887
harsh-vador wants to merge 18 commits intomainfrom
remove-richtexteditor-previewer

Conversation

@harsh-vador
Copy link
Copy Markdown
Contributor

@harsh-vador harsh-vador commented Mar 31, 2026

Fixes 27314

Describe your changes:

Summary

  • Replaces all usages of the deprecated RichTextEditorPreviewer (Toast-UI based) with RichTextEditorPreviewerV1 (BlockEditor/TipTap) in ServiceDocPanel, SSODocPanel, and ArticleViewer
  • Removes @toast-ui/react-editor from package.json along with all supporting files (CustomHtmlRederer/, RichTextEditorPreviewer.tsx, its test, and its .less)
  • Adds a processServiceDocMarkdown preprocessor in ServiceDocPanel to convert the custom $$section/$(id="...") syntax (used in service .md doc files) into <section data-id="..."> HTML, preserving the scroll-to-field highlighting feature
  • Replaces toast-ui-specific CSS (.toastui-editor-contents) with self-contained typography styles in service-doc-panel.less
Screen.Recording.2026-04-20.at.3.35.37.PM.mov
Screen.Recording.2026-04-20.at.3.36.04.PM.mov

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

Summary by Gitar

  • Refactor SSO configuration form:
    • Wrapped form event listeners with useCapture: true for click and keydown events in SSOConfigurationForm.tsx.
    • Applied service-doc-panel and content-resizable-panel-container classes to side panels in SSOConfigurationForm.tsx.
  • Miscellaneous improvements:
    • Replaced toastui-editor with block-editor-wrapper styling in domain.less and glossary.less.
    • Added jwtPrincipalClaimsMapping to FIELD_MAPPINGS in SSODocPanel.constants.ts.

This will update automatically on new commits.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026

🟡 Playwright Results — all passed (20 flaky)

✅ 3667 passed · ❌ 0 failed · 🟡 20 flaky · ⏭️ 89 skipped

Shard Passed Failed Flaky Skipped
🟡 Shard 1 480 0 1 4
🟡 Shard 2 648 0 5 7
✅ Shard 3 659 0 0 1
🟡 Shard 4 629 0 5 27
🟡 Shard 5 610 0 1 42
🟡 Shard 6 641 0 8 8
🟡 20 flaky test(s) (passed on retry)
  • Pages/UserCreationWithPersona.spec.ts › Create user with persona and verify on profile (shard 1, 1 retry)
  • Features/BulkEditEntity.spec.ts › Glossary (shard 2, 1 retry)
  • Features/DataQuality/ColumnLevelTests.spec.ts › Column Values Sum To Be Between (shard 2, 1 retry)
  • Features/DataQuality/TestCaseImportExportE2eFlow.spec.ts › Admin: Complete export-import-validate flow (shard 2, 1 retry)
  • Features/DataQuality/TestCaseResultPermissions.spec.ts › User with only VIEW cannot PATCH results (shard 2, 1 retry)
  • Features/Glossary/GlossaryWorkflow.spec.ts › should inherit reviewers from glossary when term is created (shard 2, 1 retry)
  • Pages/Customproperties-part2.spec.ts › entityReferenceList shows item count, scrollable list, no expand toggle (shard 4, 1 retry)
  • Pages/DataContracts.spec.ts › Create Data Contract and validate for Table (shard 4, 1 retry)
  • Pages/DataContractsSemanticRules.spec.ts › Validate Owner Rule Any_In (shard 4, 1 retry)
  • Pages/DataContractsSemanticRules.spec.ts › Validate Description Rule Is_Not_Set (shard 4, 1 retry)
  • Pages/DataContractsSemanticRules.spec.ts › Validate DataProduct Rule Any_In (shard 4, 1 retry)
  • Pages/Glossary.spec.ts › Add and Remove Assets (shard 5, 1 retry)
  • Pages/Glossary.spec.ts › Create glossary, change language to Dutch, and delete glossary (shard 6, 1 retry)
  • Pages/Lineage/DataAssetLineage.spec.ts › verify create lineage for entity - Dashboard (shard 6, 1 retry)
  • Pages/Lineage/LineageFilters.spec.ts › Verify lineage schema filter selection (shard 6, 1 retry)
  • Pages/Lineage/LineageRightPanel.spec.ts › Verify custom properties tab IS visible for supported type: searchIndex (shard 6, 1 retry)
  • Pages/UserDetails.spec.ts › Create team with domain and verify visibility of inherited domain in user profile after team removal (shard 6, 1 retry)
  • Pages/Users.spec.ts › Permissions for table details page for Data Consumer (shard 6, 1 retry)
  • Pages/Users.spec.ts › Check permissions for Data Steward (shard 6, 1 retry)
  • VersionPages/EntityVersionPages.spec.ts › Directory (shard 6, 1 retry)

📦 Download artifacts

How to debug locally
# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 4, 2026

Jest test Coverage

UI tests summary

Lines Statements Branches Functions
Coverage: 63%
63.3% (59160/93452) 43.59% (31375/71975) 46.45% (9414/20265)

@gitar-bot
Copy link
Copy Markdown

gitar-bot bot commented Apr 20, 2026

Code Review ✅ Approved 1 resolved / 1 findings

Migration to BlockEditor removes the @toast-ui/react-editor dependency and resolves the CSS selector injection vulnerability caused by the unescaped fieldName.

✅ 1 resolved
Security: CSS selector injection via unescaped fieldName in querySelector

📄 openmetadata-ui/src/main/resources/ui/src/components/common/ServiceDocPanel/ServiceDocPanel.tsx:191
On line 191, fieldName is interpolated directly into a CSS attribute selector: document.querySelector(\[data-id="${fieldName}"]`). If fieldNamecontains CSS selector metacharacters (e.g.,", ], `), it could break the selector or cause unexpected behavior. While activeField currently comes from internal form state (not direct user input), this is a defensive-coding concern — any future change that routes URL parameters or external input into activeField would create a real injection vector.

Use CSS.escape() to sanitize the value before interpolation.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact
gitar display:verbose         

Was this helpful? React with 👍 / 👎 | Gitar

@sonarqubecloud
Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

safe to test Add this label to run secure Github workflows on PRs

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Remove @toast-ui/react-editor dependency and migrate to BlockEditor

3 participants