Latest (4.0.50.1) wet-boew breaks multiple features

This is due to wet-boew making radical changes made related to jQuery which they try to explain as some sort of "security fix".

https://github.com/wet-boew/wet-boew/issues/9456#issuecomment-1374571118

After reading it, I do think your issue are originating from the security fix we applied to jQuery v2 through wet-boew. That security fix involved to parse through DOMpurify any DOM manipulation action made by jQuery. Ajax request should be out of scope except if they are somehow added to the DOM with jQuery during the process. There is no error that are throw during the sanitization process and I didn't look if DOMPurify have a such option to activate the sanitization error to be logged in the browser console.

That said, we will need more information about what version of ckeditor that are being use in your Drupal CMS and we will need to know if it rely on jQuery to work.

The easiest solution will be to use a ckeditor version that don't rely and are independent from jQuery.

Feel free to join us during one of our weekly Tuesday office hours, all the information (including the meeting link) are available on our Office Hours wiki page.

FYI - Regarding to have a version of wet-boew compiling and locally hosted with docker, I am working on it these days and currently I do have a prototype that work but it is somehow not compatible when embracing WSL2 with docker. I will keep you posted my progression on that.

https://github.com/wet-boew/wet-boew/issues/9456

Thanks @joseph.olstad, appreciate you bringing this to our attention!

Is this fixed now in later wet-boew versions or even the removal of the ie8 features?

Or does this problem still exist in its entirety even if later versions of wet-boew / GCWeb?

Tested this a few months ago, updated ext-deps to try with latest version of wet-boew and still had some problems. Maybe there is a newer version of wet-boew out we can try with.

In one use case with D10 wxt5 where the anonymous role ajax requests ARE affected, I'm still pinning wet-boew to 4.0.43.1. For others I'm testing wxt 5 with whatever wet-boew comes with wxt.

However I could try newer versions and see.

With that said, in the case I noticed, anonymous interaction with media via ck4 (for internal submissions on an intranet) it might actually be fixed by simply switching to ck5 , however the issues reported by joel_osc will not be solved by switching to ck5 because they are unrelated to ck.

#3422762: theme-gcweb upgrade →

Testing 14.5.0 and 4.0.74 , upon special request. For an internet gcweb theme based setup, fairly simple, haven't noticed any issues.

For some of the others that may be affected, can always use composer to pin to older version.

With that said, I've only touched upgrading theme-gcweb and wet-boew , none of the others.

With the upgrade to the latest assets does that mean this issue can be closed since it looks like resolves some of the older errors?

Postpone this, haven't tested edge cases yet.

This is fixed by upgrading to wxt 5.2.2 which includes wet-boew 4.0.74

@joseph this is awesome! I have a few projects that are pinned to wet-boew 4.0.43.1 for this issue. Will have to give this a try, thanks!

The following script, if run from the root of your project will upgrade just the wet-boew to 4.0.74, this is what I used to test quickly.
I confirmed that the expected wet-boew.js version 4.0.74 was running, nice fixes the Treasury Board worked on and finally straightenned out!

#!/bin/bash

if [ -d "html/libraries" ]; then
  echo "Begin upgrade of wet-boew from 4.0.43 to 4.0.74."
  pushd html/libraries;
  rm tmp -rf;
  mkdir tmp;
  pushd tmp;
  wget https://github.com/wet-boew/wet-boew/releases/download/v4.0.74/wet-boew-dist-4.0.74.zip
  unzip wet-boew-dist-4.0.74.zip
  mv ../wet-boew wet-boew_orig
  mv wet-boew-dist-4.0.74/wet-boew ../
  popd
  rm ../libraries/tmp -r;
  popd;
  echo "End of upgrade for wet-boew 4.0.74."
fi

Automatically closed - issue fixed for 2 weeks with no activity.