feat(collections): collections block feedback #4185
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rbcorrales
added
the
[Status] Needs Review
There was a problem hiding this comment.
Pull Request Overview
This PR addresses Collections Block feedback from previous PRs by removing the 'See All' CTA functionality, improving CTA security through proper escaping, and enhancing attribute sanitization to use defaults instead of hardcoded values.
- Remove all 'See All' functionality including editor controls, rendering logic, and CSS styles
- Add proper escaping for CTA values in REST API responses to prevent XSS vulnerabilities
- Refactor attribute sanitization to use default values from
DEFAULT_ATTRIBUTESinstead of hardcoded minimums
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
tests/unit-tests/collections/class-test-collections-block.php |
Remove see-all tests and enhance attribute sanitization testing |
tests/unit-tests/collections/class-test-collection-meta.php |
Add security tests for CTA escaping in REST responses |
src/blocks/collections/styles/_ctas.scss |
Remove see-all link CSS styles |
src/blocks/collections/edit.jsx |
Remove see-all editor controls and RichText component |
src/blocks/collections/components/InspectorPanel.jsx |
Remove see-all inspector panel controls |
src/blocks/collections/class-collections-block.php |
Extract attribute sanitization logic and remove see-all rendering |
src/blocks/collections/block.json |
Remove see-all attributes from block schema |
includes/collections/class-template-helper.php |
Remove see-all attribute from template defaults |
includes/collections/class-collection-meta.php |
Add CTA escaping in REST API responses |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
github-actions
bot
added
[Status] Approved
|
Hey @rbcorrales, good job getting this PR merged! 🎉 Now, the Please check if this PR needs to be included in the "Upcoming Changes" and "Release Notes" doc. If it doesn't, simply remove the label. If it does, please add an entry to our shared document, with screenshots and testing instructions if applicable, then remove the label. Thank you! ❤️ |
rbcorrales
added a commit
that referenced
this pull request
Sep 18, 2025
matticbot
pushed a commit
that referenced
this pull request
Sep 18, 2025
# [6.19.0-alpha.4](v6.19.0-alpha.3...v6.19.0-alpha.4) (2025-09-18) ### Features * **collections:** add Collections block ([#4166](#4166)) ([ea0917b](ea0917b)) * **collections:** add logic for opening links in new tabs ([#4174](#4174)) ([ab71461](ab71461)) * **collections:** collections block feedback ([#4185](#4185)) ([2f203c1](2f203c1)) * **collections:** replace archive grid with collections block ([#4178](#4178)) ([d601445](d601445))
matticbot
pushed a commit
that referenced
this pull request
Sep 22, 2025
# [6.19.0](v6.18.3...v6.19.0) (2025-09-22) ### Bug Fixes * **indesign-export:** remove feature flag ([#4180](#4180)) ([e3c5c7e](e3c5c7e)) * **my-account:** missing variable and template hook priority ([#4150](#4150)) ([9886618](9886618)) * **newspack-ui:** border radius and padding for buttons, modals, and segmented controls ([#4162](#4162)) ([be750ef](be750ef)) * register with empty name fields ([#4175](#4175)) ([7d6680c](7d6680c)) ### Features * **collections:** add Collections block ([#4166](#4166)) ([ea0917b](ea0917b)) * **collections:** add logic for opening links in new tabs ([#4174](#4174)) ([ab71461](ab71461)) * **collections:** collections block feedback ([#4185](#4185)) ([2f203c1](2f203c1)) * **collections:** replace archive grid with collections block ([#4178](#4178)) ([d601445](d601445)) * **newspack-ui:** add standalone dropdown button; reorganise dropdown box; add generic spacing ([#4169](#4169)) ([863da1e](863da1e)) * **woocommerce:** add custom currency symbol option ([#4155](#4155)) ([8811a7e](8811a7e))
matticbot
pushed a commit
that referenced
this pull request
Sep 25, 2025
# [6.20.0-alpha.1](v6.19.0...v6.20.0-alpha.1) (2025-09-25) ### Bug Fixes * Improve help text for Guest Contributor checkbox ([#4187](#4187)) ([5790f3d](5790f3d)) * newspack-plugin delay ([#4184](#4184)) ([22e8dc2](22e8dc2)) * update download URL for db.php ([#4193](#4193)) ([4d363db](4d363db)) ### Features * **collections:** add Collections block ([#4166](#4166)) ([1185157](1185157)) * **collections:** add logic for opening links in new tabs ([#4174](#4174)) ([07a5545](07a5545)) * **collections:** collections block feedback ([#4185](#4185)) ([0d0210c](0d0210c)) * **collections:** remove feature flag ([#4195](#4195)) ([b1619ef](b1619ef)) * **collections:** replace archive grid with collections block ([#4178](#4178)) ([d0cbadd](d0cbadd)) * **content-gate:** add countdown block ([#4176](#4176)) ([f8fe757](f8fe757)) * **my-account:** subscription switch modal ([#4177](#4177)) ([28c26e7](28c26e7)) * subscription tier modal ([#4164](#4164)) ([4d6ebe2](4d6ebe2))
Contributor
|
🎉 This PR is included in version 6.20.0-alpha.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
matticbot
pushed a commit
that referenced
this pull request
Oct 6, 2025
# [6.20.0](v6.19.0...v6.20.0) (2025-10-06) ### Bug Fixes * ga4 events for gate interactions and tiered modal ([#4209](#4209)) ([2d35768](2d35768)) * Improve help text for Guest Contributor checkbox ([#4187](#4187)) ([5790f3d](5790f3d)) * newspack-plugin delay ([#4184](#4184)) ([22e8dc2](22e8dc2)) * remove content gate countdown block ([0204e58](0204e58)) * update download URL for db.php ([#4193](#4193)) ([4d363db](4d363db)) ### Features * **collections:** add archive link in settings page ([#4203](#4203)) ([42694ec](42694ec)) * **collections:** add Collections block ([#4166](#4166)) ([1185157](1185157)) * **collections:** add css classes to meta elements ([#4208](#4208)) ([7fbf7e9](7fbf7e9)) * **collections:** add logic for opening links in new tabs ([#4174](#4174)) ([07a5545](07a5545)) * **collections:** collections block feedback ([#4185](#4185)) ([0d0210c](0d0210c)) * **collections:** remove feature flag ([#4195](#4195)) ([b1619ef](b1619ef)) * **collections:** replace archive grid with collections block ([#4178](#4178)) ([d0cbadd](d0cbadd)) * **content-gate:** add countdown block ([#4176](#4176)) ([f8fe757](f8fe757)) * **my-account:** subscription switch modal ([#4177](#4177)) ([28c26e7](28c26e7)) * subscription tier modal ([#4164](#4164)) ([4d6ebe2](4d6ebe2))
Contributor
|
🎉 This PR is included in version 6.20.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All Submissions:
Changes proposed in this Pull Request:
This PR addresses Collections Block feedback from previous PRs across security, functionality, and code quality:
label,url,type,class) inget_collection_ctas_for_rest()used in REST responses, to match whatrender_cta()does. Conversation in test(collections): add unit tests for collections block #4172.How to test the changes in this Pull Request:
<script>tags,javascript:URLs). Might require updating the DB.numberOfItems: 0,columns: 'invalid')DEFAULT_ATTRIBUTESarrayOther information: