tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10977 from blueo/pulls/use-field-editorconfig-when-sanitizing

Browse Source 
Use field editorconfig when sanitising content
This commit is contained in:
Guy Sartorelli 2023-10-26 09:11:50 +13:00 committed by GitHub
commit 87f829a729
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Forms/HTMLEditor/HTMLEditorField.php
View File

@ -145,7 +145,8 @@ class HTMLEditorField extends TextareaField
// Sanitise if requested // Sanitise if requested
$htmlValue = HTMLValue::create($this->Value()); $htmlValue = HTMLValue::create($this->Value());
if (HTMLEditorField::config()->sanitise_server_side) { if (HTMLEditorField::config()->sanitise_server_side) {
$santiser = HTMLEditorSanitiser::create(HTMLEditorConfig::get_active()); $config = $this->getEditorConfig();
$santiser = HTMLEditorSanitiser::create($config);
$santiser->sanitise($htmlValue); $santiser->sanitise($htmlValue);
} }

38
tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
View File

@ -11,6 +11,7 @@ use SilverStripe\Assets\Image;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\CSSContentParser; use SilverStripe\Dev\CSSContentParser;
use SilverStripe\Dev\FunctionalTest; use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Forms\HTMLEditor\HTMLEditorConfig;
use SilverStripe\Forms\HTMLEditor\HTMLEditorField; use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
use SilverStripe\Forms\HTMLEditor\TinyMCEConfig; use SilverStripe\Forms\HTMLEditor\TinyMCEConfig;
use SilverStripe\Forms\HTMLReadonlyField; use SilverStripe\Forms\HTMLReadonlyField;
@ -229,4 +230,41 @@ EOS
$field->obj('ValueEntities')->forTemplate() $field->obj('ValueEntities')->forTemplate()
); );
} }
public function testFieldConfigSanitization()
{
$obj = TestObject::create();
$editor = HTMLEditorField::create('Content');
$defaultValidElements = [
'@[id|class|style|title|data*]',
'a[id|rel|dir|tabindex|accesskey|type|name|href|target|title|class]',
'-strong/-b[class]',
'-em/-i[class]',
'-ol[class]',
'#p[id|dir|class|align|style]',
'-li[class]',
'br',
'-span[class|align|style]',
'-ul[class]',
'-h3[id|dir|class|align|style]',
'-h2[id|dir|class|align|style]',
'hr[class]',
];
$restrictedConfig = HTMLEditorConfig::get('restricted');
$restrictedConfig->setOption('valid_elements', implode(',', $defaultValidElements));
$editor->setEditorConfig($restrictedConfig);
$expectedHtmlString = '<p>standard text</p>Header';
$htmlValue = '<p>standard text</p><table><th><tr><td>Header</td></tr></th><tbody></tbody></table>';
$editor->setValue($htmlValue);
$editor->saveInto($obj);
$this->assertEquals($expectedHtmlString, $obj->Content, 'Table is not removed');
$defaultConfig = HTMLEditorConfig::get('default');
$editor->setEditorConfig($defaultConfig);
$editor->setValue($htmlValue);
$editor->saveInto($obj);
$this->assertEquals($htmlValue, $obj->Content, 'Table is removed');
}
} }