adjust json-editor to handle double escaped strings and fix json editing in addon

Author: antpb

api/src/pluginTemplate.js

@@ -3,52 +3,90 @@ import { createHeaderSearchBar } from './headerSearchBar';
 
 export default async function generatePluginHTML(pluginData, env) {
 	const secureHtmlService = createSecureHtmlService();
-	// Sanitize the input data
 	const safePlugin = secureHtmlService.sanitizePluginData(pluginData);
-	console.log("datertots", JSON.stringify(pluginData));
+
 	if (!safePlugin) {
 		return new Response('Invalid plugin data', { status: 400 });
 	}
 
-	// Fetch the current download count
 	const downloadKey = `downloads:${safePlugin.author}:${safePlugin.slug}`;
 	const downloadCount = parseInt(await env.DOWNLOAD_COUNTS.get(downloadKey)) || 0;
 	const activeInstalls = safePlugin.active_installs;
+
 	const html = `
-    <!DOCTYPE html>
-    <html lang="en">
-    <head>
-      <title>${safePlugin.name} - Plugin Details</title>
-      <link 
-        href="https://cdn.jsdelivr.net/npm/[email protected]/dist/tailwind.min.css" 
-        rel="stylesheet"
-        crossorigin="anonymous"
-      >
-      <style>
-        body { background-color: #191919; color: white; }
-        .asset-card-container-home { background: linear-gradient(to bottom right, #131313, #181818); }
-      </style>
-    </head>
-    <body>
-      <div class="min-h-screen bg-[#191919] text-white">
-	  		  			${createHeaderSearchBar()}
-        <div class="bg-gradient-to-r from-green-500 to-purple-600 pt-16">
-          <div class="container mx-auto px-2 max-h-[620px]">
-            <div class="relative max-w-[1300px] mx-auto shadow-lg rounded-t-2xl overflow-hidden">
-              <img src="${safePlugin.banners.high}" alt="${safePlugin.name} banner" class="h-auto max-h-[620px] justify-center object-cover w-full">
-            </div>
-          </div>
-        </div>
-        <div class="container mx-auto px-4 py-16">
-          <div class="grid grid-cols-1 md:grid-cols-3 gap-12">
-            <div class="md:col-span-2 bg-gradient-to-br rounded-3xl asset-card-container-home shadow-2xl p-8 transform min-h-[200px]">
-              <div class='px-4 py-6 bg-[#191919] rounded-3xl mb-2 flex items-center'>
-                <img src="${safePlugin.icons['1x']}" alt="${safePlugin.name}" class="w-24 h-24 mr-4 rounded-lg">
-                <div>
-                  <h1 class="text-2xl font-bold mb-1">${safePlugin.name}</h1>
-                  <p class="text-md w-90">${safePlugin.short_description}</p>
-                </div>
-              </div>
+	  <!DOCTYPE html>
+	  <html lang="en">
+	  <head>
+		<title>${safePlugin.name} - Plugin Details</title>
+		<link 
+		  href="https://cdn.jsdelivr.net/npm/[email protected]/dist/tailwind.min.css" 
+		  rel="stylesheet"
+		  crossorigin="anonymous"
+		>
+		<style>
+		  body { background-color: #191919; color: white; }
+		  .asset-card-container-home { background: linear-gradient(to bottom right, #131313, #181818); }
+		  /* Add only the modal styles we need */
+		  #playgroundModal {
+			display: none;
+			position: fixed;
+			top: 0;
+			left: 0;
+			width: 100%;
+			height: 100%;
+			background: rgba(0, 0, 0, 0.8);
+			z-index: 1000;
+		  }
+		  #playgroundModal.active {
+			display: flex;
+			align-items: center;
+			justify-content: center;
+		  }
+		  .modal-content {
+			width: 90%;
+			height: 90%;
+			background: white;
+			border-radius: 8px;
+			padding: 20px;
+			position: relative;
+		  }
+		  #closePlayground {
+			position: absolute;
+			right: 10px;
+			top: 10px;
+			font-size: 24px;
+			cursor: pointer;
+			color: #666;
+		  }
+		  #playground-iframe {
+			width: 100%;
+			height: 100%;
+			border: none;
+		  }
+		</style>
+	  </head>
+    	<body>
+		<div class="min-h-screen bg-[#191919] text-white">
+		  ${createHeaderSearchBar()}
+		  <div class="bg-gradient-to-r from-green-500 to-purple-600 pt-16">
+			<div class="container mx-auto px-2 max-h-[620px]">
+			  <div class="relative max-w-[1300px] mx-auto shadow-lg rounded-t-2xl overflow-hidden">
+				<img src="${safePlugin.banners.high}" alt="${safePlugin.name} banner" class="h-auto max-h-[620px] justify-center object-cover w-full">
+			  </div>
+			</div>
+		  </div>
+		  <div class="container mx-auto px-4 py-16">
+			<div class="grid grid-cols-1 md:grid-cols-3 gap-12">
+			  <!-- Left content column -->
+			  <div class="md:col-span-2 bg-gradient-to-br rounded-3xl asset-card-container-home shadow-2xl p-8 transform min-h-[200px]">
+				<!-- Existing left column content -->
+				<div class='px-4 py-6 bg-[#191919] rounded-3xl mb-2 flex items-center'>
+				  <img src="${safePlugin.icons['1x']}" alt="${safePlugin.name}" class="w-24 h-24 mr-4 rounded-lg">
+				  <div>
+					<h1 class="text-2xl font-bold mb-1">${safePlugin.name}</h1>
+					<p class="text-md w-90">${safePlugin.short_description}</p>
+				  </div>
+				</div>  
               <div class="bg-[#191919] rounded-3xl p-2 mb-2">
                 <div class="text-md leading-8">${safePlugin.sections?.description}</div>
               </div>
@@ -65,6 +103,7 @@ export default async function generatePluginHTML(pluginData, env) {
                 </div>
               ` : ''}
             </div>
+            <!-- Right sidebar -->
             <div>
               <div class="bg-gradient-to-br rounded-3xl asset-card-container-home shadow-2xl rounded-lg p-6 mb-8">
                 <div class="flex items-center mb-4">
@@ -74,26 +113,36 @@ export default async function generatePluginHTML(pluginData, env) {
                     <p class="text-gray-200 text-md">by ${safePlugin.author}</p>
                   </div>
                 </div>
-                <div class="flex items-center justify-between mb-4">
+                <div class="flex items-center mb-4">
                   <div class="flex items-center">
-                  ${safePlugin.rating && safePlugin.rating > 0 ? `
-                    <span class="text-yellow-400 mr-1">★</span>
-                    <span>${safePlugin.rating}/5</span>
-                  ` : ''}
+                    ${safePlugin.rating && safePlugin.rating > 0 ? `
+                      <span class="text-yellow-400 mr-1">★</span>
+                      <span>${safePlugin.rating}/5</span>
+                    ` : ''}
                   </div>
+				  <div class="flex items-center flex-col gap-2">
 					<div class="flex items-center">
-					<span class="mr-2 text-purple-600">↓</span>
-					<span class="text-s" id="download-count">${downloadCount.toLocaleString()}+ downloads</span>
+						<span class="mr-2 text-purple-600">↓</span>
+						<span class="text-s" id="download-count">${downloadCount.toLocaleString()}+ downloads</span>
 					</div>
 					<div class="flex items-center">
-					<span class="mr-2 text-purple-600">🔌</span>
+						<span class="mr-2 text-purple-600">🔌</span>
 						<span class="text-s" id="active-installs">${activeInstalls.toLocaleString()}+ activations</span>
 					</div>
+				  </div>
                 </div>
-				<a href="/download?author=${encodeURIComponent(safePlugin.author)}&slug=${encodeURIComponent(safePlugin.slug)}" 
-				class="w-full bg-purple-600 hover:bg-purple-700 text-white font-bold py-2 px-4 rounded-3xl mb-4 flex items-center justify-center">
-				Download v${safePlugin.version}
-				</a>
+                <!-- Download and Playground buttons -->
+				<div class="flex flex-col gap-6 mb-4">
+					<button id="tryInPlayground" 
+						class="flex-2 bg-blue-600 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded-3xl">
+						Try in Playground
+					</button>
+					<a href="/download?author=${encodeURIComponent(safePlugin.author)}&slug=${encodeURIComponent(safePlugin.slug)}" 
+						class="flex-1 bg-purple-600 hover:bg-purple-700 text-white font-bold py-2 px-4 rounded-3xl text-center">
+						Download v${safePlugin.version}
+					</a>
+				</div>
+                <!-- Plugin details -->
                 <div class="text-sm text-gray-200">
                   <p>Last updated: ${safePlugin.last_updated}</p>
                   <p>Version: ${safePlugin.version}</p>
@@ -102,6 +151,7 @@ export default async function generatePluginHTML(pluginData, env) {
                   <p>Requires PHP: ${safePlugin.requires_php}</p>
                 </div>
               </div>
+
               ${safePlugin.authorData ? `
                 <div class="bg-gradient-to-br rounded-3xl asset-card-container-home shadow-2xl p-6">
                   <h3 class="text-xl font-bold mb-4">Author</h3>
@@ -120,17 +170,78 @@ export default async function generatePluginHTML(pluginData, env) {
             </div>
           </div>
         </div>
-        <div class="bg-black py-8">
-			<div class="container mx-auto px-4 text-center text-gray-200">
-				<p>&copy; ${new Date().getFullYear()} ${new Date().toLocaleTimeString()} Your Footer Text.</p>
-				<a href="/terms" class="text-purple-400 hover:underline">Terms of Service</a> | 
-				<a href="/privacy" class="text-purple-400 hover:underline">Privacy Policy</a> |
-				<a href="https://github.com/xpportal/Micro-Plugin-Publisher" class="text-purple-400 hover:underline">
-					Source Code
-				</a>
+
+        <!-- Playground Modal -->
+			<div id="playgroundModal">
+			<div class="modal-content">
+				<span id="closePlayground">&times;</span>
+				<iframe id="playground-iframe" 
+				sandbox="allow-same-origin allow-scripts allow-popups allow-forms"
+				title="WordPress Playground">
+				</iframe>
+			</div>
 			</div>
+
+        <!-- Footer -->
+        <div class="bg-black py-8">
+          <div class="container mx-auto px-4 text-center text-gray-200">
+            <p>&copy; ${new Date().getFullYear()} ${new Date().toLocaleTimeString()} Your Footer Text.</p>
+            <a href="/terms" class="text-purple-400 hover:underline">Terms of Service</a> | 
+            <a href="/privacy" class="text-purple-400 hover:underline">Privacy Policy</a> |
+            <a href="https://github.com/xpportal/Micro-Plugin-Publisher" class="text-purple-400 hover:underline">
+              Source Code
+            </a>
+          </div>
         </div>
       </div>
+
+      <!-- Playground initialization script -->
+    <script type="module">
+      import { startPlaygroundWeb } from 'https://playground.xr.foundation/client/index.js';
+      
+      document.getElementById('tryInPlayground').addEventListener('click', async () => {
+        const modal = document.getElementById('playgroundModal');
+        const iframe = document.getElementById('playground-iframe');
+        modal.classList.add('active');
+
+        try {
+          const client = await startPlaygroundWeb({
+            iframe: iframe,
+            remoteUrl: 'https://playground.xr.foundation/remote.html',
+            blueprint: {
+              landingPage: '/wp-admin/',
+              preferredVersions: {
+                php: '8.0',
+                wp: 'latest'
+              },
+              steps: [
+                {
+                  step: 'login',
+                  username: 'admin',
+                  password: 'password'
+                },
+                {
+                  step: 'installPlugin',
+                  pluginData: {
+                    resource: 'url',
+                    url: '/download?author=${encodeURIComponent(safePlugin.author)}&slug=${encodeURIComponent(safePlugin.slug)}track=false'
+                  }
+                }
+              ]
+            }
+          });
+        } catch (error) {
+          console.error('Playground initialization failed:', error);
+        }
+      });
+
+      document.getElementById('closePlayground').addEventListener('click', () => {
+        const modal = document.getElementById('playgroundModal');
+        const iframe = document.getElementById('playground-iframe');
+        modal.classList.remove('active');
+        iframe.src = 'about:blank';
+      });
+    </script>
     </body>
     </html>
   `;

api/src/secureHtmlService.js

@@ -7,28 +7,31 @@ class SecureHtmlService {
 
 	getSecurityHeaders(nonce) {
 		return {
-			'Content-Security-Policy': [
-				// Allow resources from same origin and CDN
-				"default-src 'self' https://cdn.jsdelivr.net",
-				// Allow scripts from CDN and inline scripts with nonce
-				`script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net`,
-				// Allow styles from CDN and inline styles
-				"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
-				// Allow images from any HTTPS source
-				"img-src 'self' https: data:",
-				// Allow fonts from CDN
-				"font-src 'self' https://cdn.jsdelivr.net",
-				// Basic security headers that don't impact functionality
-				"frame-ancestors 'none'",
-				"base-uri 'self'"
-			].join('; '),
-			'X-Content-Type-Options': 'nosniff',
-			'X-Frame-Options': 'DENY',
-			'Referrer-Policy': 'strict-origin-when-cross-origin'
+		  'Content-Security-Policy': [
+			// Allow resources from same origin and CDN
+			"default-src 'self' https://cdn.jsdelivr.net",
+			// Allow scripts from CDN and playground domains
+			`script-src 'self' 'nonce-${nonce}' https://cdn.jsdelivr.net https://playground.xr.foundation`,
+			// Allow styles from CDN and inline styles
+			"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
+			// Allow images from any HTTPS source
+			"img-src 'self' https: data:",
+			// Allow fonts from CDN
+			"font-src 'self' https://cdn.jsdelivr.net",
+			// Allow framing for playground
+			"frame-src 'self' https://playground.xr.foundation",
+			// Allow connections to playground
+			"connect-src 'self' https://playground.xr.foundation",
+			// Basic security headers
+			"base-uri 'self'"
+		  ].join('; '),
+		  'X-Content-Type-Options': 'nosniff',
+		  'X-Frame-Options': 'SAMEORIGIN',  // Changed from DENY to allow our iframe
+		  'Referrer-Policy': 'strict-origin-when-cross-origin'
 		};
-	}
+	  }
 
-	sanitizeText(text) {
+	  sanitizeText(text) {
 		if (!text) return '';
 		return String(text)
 			.replace(/&/g, '&')
@@ -69,14 +72,16 @@ class SecureHtmlService {
 					const src = element.getAttribute('src');
 					if (src && (
 						src.includes('cdn.jsdelivr.net') ||
-						src.includes('playground.wordpress.net')
+						src.includes('playground.wordpress.net') ||
+						src.includes('playground.xr.foundation') // Add our custom playground domain
 					)) {
 						element.setAttribute('nonce', nonce);
 						return;
 					}
 
 					// Allow our playground initialization script
-					if (element.hasAttribute('data-playground-init')) {
+					if (element.hasAttribute('data-playground-init') ||
+						element.getAttribute('type') === 'module') {  // Allow module scripts for playground
 						element.setAttribute('nonce', nonce);
 						return;
 					}