…figuration and setup
❌ Issue Linking Required
This PR could not be linked to an issue. All PRs must be linked to an issue for tracking purposes.
How to fix this:
Option 1: Add keyword to PR body (Recommended - auto-removes this comment)
Why is this required?
Issue linking ensures proper tracking, documentation, and helps maintain project history. It connects your code changes to the problem they solve.
This comment was automatically generated by the issue linking workflow
Claude finished @rjvelazco's task in 2m 36s
PR Review
Hardcoded JWT Token — Blocker
A full JWT with expiry 2029 is committed to the repository. The "local demo" comment doesn't help — it's in git history permanently and is already distributed to every clone. The token is used in five places:
This token should be revoked immediately and replaced with an injected config token (e.g.
Rollback Safety Analysis - Safe to Roll Back. All 9 changed files are frontend Angular config only (new-block-editor library scaffold). Label AI: Safe To Rollback applied.
… the new Block Editor V1
…older enhancements
…d error handling and empty state management
Cursor Bugbot has reviewed your changes and found 4 potential issues.
Bugbot Autofix is kicking off a free cloud agent to fix these issues. This run is complimentary, but you can enable autofix for all future PRs in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 77fd1d1. Configure here.
| */ | ||
| export const DOT_CMS_BASE_URL = 'http://localhost:8080'; | ||
| export const DOT_CMS_AUTH_TOKEN = | ||
| 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhcGljNjI1Yjg1NC0zYzc2LTRjMjItYTc0Yy00MWI1M2NkYmYwMzkiLCJ4bW9kIjoxNzc1NzY3MDM0MDAwLCJuYmYiOjE3NzU3NjcwMzQsImlzcyI6ImRvdGNtcy1wcm9kdWN0aW9uIiwibGFiZWwiOiJkZXYiLCJleHAiOjE4NzA0MDE2MDAsImlhdCI6MTc3NTc2NzAzNCwianRpIjoiOGI1M2VmNmYtNzA4OS00NThmLThjMjQtNDMzN2Y1MmNiMGRmIn0.4Y4SMqhMDG0vJ4xbMTZ2AtSAIeyB5NEgZ7yIUMWkASg'; |
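Review bot: The string literal assigned to DOT_CMS_AUTH_TOKEN is a complete signed JWT, so the credential ships with every checkout and build of this file. Its header decodes to alg HS256 and its payload carries iss "dotcms-production" and exp 1870401600, so it should be handled as a live credential: revoke it and have the constant take its value from configuration injected at runtime rather than from source. DOT_CMS_BASE_URL on the line above is likewise fixed to http://localhost:8080 and would be better supplied the same way.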
Hardcoded JWT auth token committed to repository
High Severity
A full JWT token is hardcoded in DOT_CMS_AUTH_TOKEN and will be committed to the repository. Even though the comment says "local demo," this token is used by multiple services (DotCmsUploadService, DotCmsContentletService, DotCmsContentTypeService) for Authorization: Bearer headers against a dotCMS instance. This token has an expiry date in 2029 and is now exposed in version control history permanently.
Reviewed by Cursor Bugbot for commit 77fd1d1. Configure here.
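A check that could run in CI for the finding above, as an added example that is not part of this PR or the dotCMS code base: it scans source text for JWT-shaped literals and decodes their claims, without verifying the signature, so the report shows issuer and expiry. The function names, the sample token and the sample source are constructed for illustration.

```javascript
// JSON objects whose first key starts with a letter encode to "eyJ...".
const JWT_RE = /eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{10,}/g;

function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function toB64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns one finding per JWT-shaped literal; claims are decoded, not verified.
function findHardcodedJwts(source, nowSeconds = Math.floor(Date.now() / 1000)) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const match of text.matchAll(JWT_RE)) {
      const [h, p] = match[0].split('.');
      let header, payload;
      try {
        header = b64urlJson(h);
        payload = b64urlJson(p);
      } catch {
        continue; // JWT-shaped but not JSON: skip
      }
      findings.push({
        line: i + 1,
        alg: header.alg,
        iss: payload.iss,
        exp: payload.exp,
        // A token with no exp claim never expires, so treat it as live.
        live: payload.exp === undefined || payload.exp > nowSeconds,
        redacted: match[0].slice(0, 12) + '...', // keep the credential out of CI logs
      });
    }
  });
  return findings;
}

// Constructed sample input: fake claims, and the signature is not a real MAC.
const SAMPLE_TOKEN = [
  toB64url({ typ: 'JWT', alg: 'HS256' }),
  toB64url({ iss: 'example-issuer', exp: 1900000000 }),
  'constructed-signature',
].join('.');
const SAMPLE_SOURCE = `export const AUTH_TOKEN =\n    '${SAMPLE_TOKEN}';`;

console.log(findHardcodedJwts(SAMPLE_SOURCE));
```

A finding with `live: true` means the token has to be revoked at the issuer; deleting the line in a later commit leaves it in history.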
| this.commandFn = null; | ||
| // isOpen and clientRectFn unchanged — menu is already visible and positioned | ||
| }); | ||
| } |
Commented-out state updates cause stale menu display
Medium Severity
In openSubmenu(), the lines this.items.set([]), this.activeIndex.set(0), and this.isLoading.set(true) are all commented out. Similarly in setItems(), this.activeIndex.set(0) and this.isLoading.set(false) are commented out. This means the loading spinner never appears during async content-type fetches, stale items from the previous menu remain visible while loading, and activeIndex isn't reset when new sub-menu items arrive — risking an out-of-bounds selection on Enter.
| } | ||
| }) | ||
| ] | ||
| }; |
Unused library files: app config, routes, and spec
Low Severity
app.config.ts, app.routes.ts, and app.spec.ts in libs/new-block-editor/src/lib/ are never imported by anything in the codebase. The app.config.ts sets up provideRouter with empty routes and PrimeNG theming that no consumer uses. The app.spec.ts tests App for an h1 containing "Hello, block-editor" which doesn't exist in the actual App template. These appear to be leftover scaffolding files.
| user-select: none !important; | ||
| } | ||
|
|
||
| code { |
Shared global code CSS removed affecting other consumers
Medium Severity
The global code element styling (color, background, padding, font-family, line-break) was removed from the shared styles.scss in libs/dotcms-scss/angular/. This is a shared stylesheet imported by multiple applications, not just the block editor. Removing this rule may break code element rendering across all consuming apps that relied on this global style.
…o dialogs, enhancing search and display functionality
Rollback Safety Analysis - Safe to Roll Back. All 57 changed files are frontend Angular/TypeScript only (new-block-editor library scaffold, block-editor app refactor, SCSS, package.json). No database migrations, Elasticsearch mapping changes, API contract changes, or any backend code modified. Label AI: Safe To Rollback applied.
…ity and image properties form
…gle grid extension and enhance resizing capabilities
Legal Risk
The following dependencies were released under a license that
Recommendation
While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.
GPL-2.0 MPL-2.0
…proved store management, and updated slash menu functionality
- Added a comprehensive porting checklist for tracking features in the new block editor.
- Introduced EditorStore for managing editor state, including allowed block types and language ID.
- Updated slash menu service to utilize the new store for block type filtering.
- Refactored image and video extensions to use consistent node names.
- Improved editor component with additional input properties for better integration with dotCMS content types.
- Cleaned up unused code and comments in editor click handling.
This commit enhances the overall functionality and maintainability of the new block editor.
…s to prevent data loss
… consistent node names
…ng dialog interactions
…r improved clarity
…agement and state management
…ure and state management
- Consolidated dialog handling into a single to manage the state and payloads of various dialogs (image, link, video, etc.).
- Introduced a new for consistent dialog presentation and behavior, including positioning and visibility management.
- Updated dialog components (image, link, table, emoji) to utilize the new dialog system, enhancing maintainability and reducing code duplication.
- Removed legacy dialog services to streamline the codebase and improve clarity.
…ta and improved upload process
- Replaced `EditorComponent` with `DotCMSEditorComponent` across various files for consistency.
- Removed unused global styles from `styles.css` and added new styles to `editor.component.css`.
- Introduced a new block options constant for better management of allowed blocks in the editor settings.
- Updated toolbar icons to use the correct Material Icons set.
- Improved the handling of editor content normalization and state management.
This refactor aims to streamline the block editor's structure and improve maintainability.
…date references
- Added support for the new "Material Symbols Outlined" font, including its CSS and SCSS definitions.
- Updated existing components to utilize the new font for toolbar icons, replacing legacy Material Icons references.
- Renamed legacy Material Icons to clarify their status as outdated.
This update enhances the iconography in the block editor, aligning with the latest design standards.



WIP
Videos
video.mov
Note
High Risk
High risk because this is a large refactor that swaps the block editor app to a new standalone editor implementation, upgrades TipTap/ngx-tiptap major versions, and adds dotCMS upload/search integrations including a hardcoded auth token/base URL in code.
Overview
Replaces the `dotcms-block-editor` app’s NgModule-based bootstrap with Angular standalone `bootstrapApplication` and points the app at the new `EditorComponent` exported from `@dotcms/new-block-editor`, alongside updated Angular build target config (new executor/outputPath structure, dev config, baseHref).

Adds a new `new-block-editor` library implementing an experimental TipTap v3-based editor with slash menu, toolbar, drag-handle gutter, link/image/video/table dialogs, emoji picker, upload placeholders, and dotCMS-backed asset/content-type search + upload services.

Updates global styling for the new editor UI (Tailwind layers, typography plugin, Material Symbols, TipTap/table/link/upload-placeholder styles) and bumps editor-related dependencies (TipTap v3, `ngx-tiptap`, Floating UI, emoji-mart); also removes a shared SCSS `code` style block.

Reviewed by Cursor Bugbot for commit 77fd1d1. Bugbot is set up for automated code reviews on this repo.