tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

FIX Don't skip sanitisation when no valid elements are defined

Browse Source
This commit is contained in:
Guy Sartorelli 2024-04-18 14:28:02 +12:00
parent 584968e80c
commit a4adad60e9
No known key found for this signature in database
GPG Key ID: F313E3B9504D496A
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Forms/HTMLEditor/HTMLEditorSanitiser.php
View File

@ -287,10 +287,6 @@ class HTMLEditorSanitiser
*/
public function sanitise(HTMLValue $html)
{
if (!$this->elements && !$this->elementPatterns) {
return;
}
$linkRelValue = $this->config()->get('link_rel_value');
$doc = $html->getDocument();

17
tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
View File

@ -160,4 +160,21 @@ class HTMLEditorSanitiserTest extends FunctionalTest
$this->assertEquals($output, $htmlValue->getContent(), "{$desc} - using config type: {$configType}");
}
}
/**
* Ensure that when there are no valid elements at all for a configuration set,
* nothing is allowed.
*/
public function testSanitiseNoValidElements(): void
{
$config = HTMLEditorConfig::get('htmleditorsanitisertest');
$config->setOptions(['valid_elements' => '']);
$config->setOptions(['extended_valid_elements' => '']);
$sanitiser = new HtmlEditorSanitiser($config);
$htmlValue = HTMLValue::create('<p>standard text</p><table><tbody><tr><th><a href="some-link">text</a></th></tr><tr><td>Header</td></tr></tbody></table>');
$sanitiser->sanitise($htmlValue);
$this->assertEquals('standard texttextHeader', $htmlValue->getContent());
}
}