FIX Use field editorconfig when sanitising content
This commit is contained in:
parent
3e1b5e6452
commit
99e965b5d7
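--- a/<path-not-on-page: file declaring class HTMLEditorField>
+++ b/<path-not-on-page: file declaring class HTMLEditorField>
@@ -138,7 +138,8 @@ class HTMLEditorField extends TextareaField
         // Sanitise if requested
         $htmlValue = HTMLValue::create($this->Value());
         if (HTMLEditorField::config()->sanitise_server_side) {
-            $santiser = HTMLEditorSanitiser::create(HTMLEditorConfig::get_active());
+            $config = $this->getEditorConfig();
+            $santiser = HTMLEditorSanitiser::create($config);
             $santiser->sanitise($htmlValue);
         }
 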
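Review bot: The added line `$santiser = HTMLEditorSanitiser::create($config);` carries over the misspelled local from the line it replaces; since the line is rewritten anyway, renaming it to `$sanitiser` here and in the following `$sanitiser->sanitise($htmlValue);` would leave the hunk clean. A short why-comment would also help, because the reason for dropping the globally active config is only visible in the accompanying test: `// Sanitise against this field's own editor config rather than the globally active one, so the server-side whitelist follows the config assigned to this field`. getEditorConfig() is defined outside the hunk, so whether it can return something HTMLEditorSanitiser::create() does not accept when no config was set on the field is not visible here and is worth checking. The enclosing method starts and ends outside the hunk.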
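--- a/<path-not-on-page: HTMLEditorField test class>
+++ b/<path-not-on-page: HTMLEditorField test class>
@@ -12,6 +12,7 @@ use SilverStripe\Control\Director;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Dev\CSSContentParser;
 use SilverStripe\Dev\FunctionalTest;
+use SilverStripe\Forms\HTMLEditor\HTMLEditorConfig;
 use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
 use SilverStripe\Forms\HTMLEditor\TinyMCEConfig;
 use SilverStripe\Forms\HTMLReadonlyField;
@@ -278,4 +279,41 @@ EOS
         $this->assertEquals("auto", $data_config->height, 'Config height is not set');
         $this->assertEquals("60px", $data_config->row_height, 'Config row_height is not set');
     }
+
+    public function testFieldConfigSanitization()
+    {
+        $obj = TestObject::create();
+        $editor = HTMLEditorField::create('Content');
+        $defaultValidElements = [
+            '@[id|class|style|title|data*]',
+            'a[id|rel|dir|tabindex|accesskey|type|name|href|target|title|class]',
+            '-strong/-b[class]',
+            '-em/-i[class]',
+            '-ol[class]',
+            '#p[id|dir|class|align|style]',
+            '-li[class]',
+            'br',
+            '-span[class|align|style]',
+            '-ul[class]',
+            '-h3[id|dir|class|align|style]',
+            '-h2[id|dir|class|align|style]',
+            'hr[class]',
+        ];
+        $restrictedConfig = HTMLEditorConfig::get('restricted');
+        $restrictedConfig->setOption('valid_elements', implode(',', $defaultValidElements));
+        $editor->setEditorConfig($restrictedConfig);
+
+        $expectedHtmlString = '<p>standard text</p>Header';
+        $htmlValue = '<p>standard text</p><table><th><tr><td>Header</td></tr></th><tbody></tbody></table>';
+        $editor->setValue($htmlValue);
+        $editor->saveInto($obj);
+        $this->assertEquals($expectedHtmlString, $obj->Content, 'Table is not removed');
+
+        $defaultConfig = HTMLEditorConfig::get('default');
+        $editor->setEditorConfig($defaultConfig);
+
+        $editor->setValue($htmlValue);
+        $editor->saveInto($obj);
+        $this->assertEquals($htmlValue, $obj->Content, 'Table is removed');
+    }
 }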
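Review bot: `HTMLEditorConfig::get('restricted')` at the top of testFieldConfigSanitization looks like a lookup of a named, shared config object, and the following `setOption('valid_elements', ...)` then mutates it in place; unless that registry is reset between tests (not visible here), any later test that uses the 'restricted' config inherits this whitelist. Building the config as a fresh instance for this test, or restoring the original `valid_elements` value in a try/finally around the assertions, would isolate it. The local `$defaultValidElements` holds the restricted whitelist rather than a default, so `$restrictedValidElements` would describe it accurately, and the new method has no `: void` return type — match whichever convention the surrounding test methods use. The import hunk above only adds the `HTMLEditorConfig` use statement this test needs.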