diff --git a/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php b/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
index 3d5c3d5c6..d43dd9a5f 100644
--- a/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
+++ b/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
@@ -11,9 +11,9 @@ use SilverStripe\View\Parsers\HTMLValue;
class HTMLEditorSanitiserTest extends FunctionalTest
{
- public function testSanitisation()
+ public function provideSanitise(): array
{
- $tests = [
+ return [
[
'p,strong',
'
Leave Alone
Strip parentBut keep children in order
',
@@ -129,13 +129,20 @@ class HTMLEditorSanitiserTest extends FunctionalTest
'XSS vulnerable attributes starting with on or style are removed via configuration'
],
];
+ }
- $config = HTMLEditorConfig::get('htmleditorsanitisertest');
-
- foreach ($tests as $test) {
- list($validElements, $input, $output, $desc) = $test;
-
- $config->setOptions(['valid_elements' => $validElements]);
+ /**
+ * @dataProvider provideSanitise
+ */
+ public function testSanitisation(string $validElements, string $input, string $output, string $desc): void
+ {
+ foreach (['valid_elements', 'extended_valid_elements'] as $configType) {
+ $config = HTMLEditorConfig::get('htmleditorsanitisertest_' . $configType);
+ $config->setOptions([$configType => $validElements]);
+ // Remove default valid elements if we're testing extended valid elements
+ if ($configType !== 'valid_elements') {
+ $config->setOptions(['valid_elements' => '']);
+ }
$sanitiser = new HtmlEditorSanitiser($config);
$value = 'noopener noreferrer';
@@ -144,12 +151,13 @@ class HTMLEditorSanitiserTest extends FunctionalTest
} elseif (strpos($desc ?? '', 'link_rel_value is null') !== false) {
$value = null;
}
- Config::inst()->set(HTMLEditorSanitiser::class, 'link_rel_value', $value);
+
+ HTMLEditorSanitiser::config()->set('link_rel_value', $value);
$htmlValue = HTMLValue::create($input);
$sanitiser->sanitise($htmlValue);
- $this->assertEquals($output, $htmlValue->getContent(), $desc);
+ $this->assertEquals($output, $htmlValue->getContent(), "{$desc} - using config type: {$configType}");
}
}
}