CSS file is deferred when CSS element has defer attribute in default_head_blocks.xml.

[nurullah]

Description (*)

While I searching for ways to defer non-critical CSS files, I found that magento2 has a defer attribute in the head.xsd file. This means I can write the following code in the default_head_blocks.xml without any errors.

<css src="css/intl-tel-input.css" defer="true" />

But I realized that this defer attribute has no effect on the CSS element. Because HTML link element doesn't have defer attribute. It only works with the <script> element. This pull request aims to provide defer feature for CSS files with defer non-critical render-blocking CSS hacky method.

Related Pull Requests

1. Fixes [View] Removed extra space in link and script tag #32919

Fixed Issues (if relevant)

1. Fixes What is the purpose of the defer attribute in the linkType elements (css, link, font)? #37657

Manual testing scenarios (*)

1. Create/Open default_head_blocks.xml file and add a CSS element like below;

<css src="css/intl-tel-input.css" defer="true" />

2. Flush cache (bin/magento cache:flush)
3. Open your Magento2 site in the browser and press ctrl + u combination.
4. See that the CSS file is defined as deferred like below.

<link rel="preload" type="text/css" as="style" onload="this.onload=null;this.rel=&#039;stylesheet&#039;" href="https://magento.test/static/version1690544175/frontend/ExampleVendor/base/tr_TR/css/intl-tel-input.css" />
<noscript><link rel="stylesheet" href="https://magento.test/static/version1690544175/frontend/ExampleVendor/base/tr_TR/css/intl-tel-input.css"></noscript>

5. Disable Javascript in site settings on the browser. Be sure that the css file loaded properly.

Questions or comments

I am not entirely sure that these changes are correct and I don't know if it will affect other code. I tested it on my browser and it works fine. Please review my code and let me know if I made any mistakes.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

[m2-assistant]

Hi @nurullah. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.

Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

---

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

[mrtuvn]

Seem good fix inmy opinion. Can you able to add some automate test cover new changes

[mrtuvn]

lib/internal/Magento/Framework/View/Test/Unit/Page/Config/RendererTest.php
Unit test stay in here

[hostep]

Should be escapeHtmlAttr instead of escapeHtml I think?

---

And in the case of the onload one, it should be escapeJs inside a escapeHtmlAttr according to the docs:

Case: All JavaScript inside attributes must be escaped by escapeJs before escapeHtmlAttr:

[nurullah]

The escapeHtmlAttr function escapes slash character and it looks like the below;

It's pretty useful for body element attributes but not for head element attributes. Also, before this pull request, the same escapeHtml function was used for the attribute value.

magento2/lib/internal/Magento/Framework/View/Page/Config/Renderer.php

Lines 332 to 334 in 0a834cc

	foreach ($attributes as $name => $value) {
	$attributesString .= ' ' . $name . '="' . $this->escaper->escapeHtml($value) . '"';
	}

[hostep]

Thanks for the feedback! I know too little about this, would be great if somebody with a little bit of security knowledge could double check this here then.

[hostep]

@nathanjosiah: if you have a little bit of time, do you have some input here?

[nathanjosiah]

If the main issue is that escapeHtmlAttr escaped all chars then that is correct behavior even for head.

For example:

<html>
<head>
<style id="foo&#x2F;bar"></style>
</head>
<body>
Test succeeds if this is green
<script>document.getElementById('foo/bar').innerHTML = 'body { color: green; }';</script>
</body>
</html>

The text would be green.

Here is a small demo that shows this off.

[nathanjosiah]

escapeHtmlAttr is appropriate for all attributes including script attributes. You would only need to combine escapeJs with escapeHtmlAttr if there is additional content being injected into the JS. For example from our devdocs

<div
    onclick="<?= $escaper->escapeHtmlAttr('handler("' . $escaper->escapeJs($aString) . '", ' . $escaper->escapeJs($aVar) .')') ?>">
    My DIV
</div>

As far as I can see, this PR is using the escaper methods correctly.

[nurullah]

Looks like this PR is still waiting for your review @hostep. If there are no other problems, can you take this to the next step? Thanks.

[hostep]

I don't have a lot of expert knowledge on the subject but since somebody forced me to review this (I wasn't able to unassign myself), I approved it anyways.

[sky-hub]

Please be advised that because of too much escaping we end up with this in page source:

[hostep]

@sky-hub: and how is that a problem? A browser should be able to decode those without an issue. It's like writing > or < in the html source to display > or <. In this case / translates to / for example. It's redundant and will increase the payload size a bit sure, but it shouldn't break anything.

[nurullah]

Seem good fix inmy opinion. Can you able to add some automate test cover new changes

I added unit test for defer attribute.

@magento run Unit Tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[nurullah]

I opened the unit tests report but I didn't see any error. All 3 reports detail shows RendererTest.php passed the test. But unit tests failed surprisingly. So, I restart the unit test.

@magento run Unit Tests

[nurullah]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[nurullah]

@magento run all Unit Tests, Functional Tests

[magento-automated-testing]

Failed to run the builds. Please try to re-run them later.

[nurullah]

@magento run all Unit Tests, Static Tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[nurullah]

@magento run all Unit Tests

[magento-automated-testing]

Failed to run the builds. Please try to re-run them later.

[nurullah]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[nurullah]

@magento run Functional Tests CE, Functional Tests EE, Functional Tests B2B

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.

[nurullah]

@magento run all tests

[magento-automated-testing]

The requested builds are added to the queue. You should be able to see them here within a few minutes. Please message the #magento-devops slack channel if they don't show in a reasonable amount of time and a representative will look into any issues.