FIX Don't skip sanitisation when no valid elements are defined

2024-04-18 14:28:02 +12:00 · 2024-04-18 14:28:02 +12:00 · a4adad60e9
parent 584968e80c
commit a4adad60e9
2 changed files with 17 additions and 4 deletions
--- a/src/Forms/HTMLEditor/HTMLEditorSanitiser.php
+++ b/src/Forms/HTMLEditor/HTMLEditorSanitiser.php
@ -287,10 +287,6 @@ class HTMLEditorSanitiser
     */
    public function sanitise(HTMLValue $html)
    {
-        if (!$this->elements && !$this->elementPatterns) {
-            return;
-        }
-
        $linkRelValue = $this->config()->get('link_rel_value');
        $doc = $html->getDocument();

--- a/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
+++ b/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
@ -160,4 +160,21 @@ class HTMLEditorSanitiserTest extends FunctionalTest
            $this->assertEquals($output, $htmlValue->getContent(), "{$desc} - using config type: {$configType}");
        }
    }
+
+    /**
+     * Ensure that when there are no valid elements at all for a configuration set,
+     * nothing is allowed.
+     */
+    public function testSanitiseNoValidElements(): void
+    {
+        $config = HTMLEditorConfig::get('htmleditorsanitisertest');
+        $config->setOptions(['valid_elements' => '']);
+        $config->setOptions(['extended_valid_elements' => '']);
+        $sanitiser = new HtmlEditorSanitiser($config);
+
+        $htmlValue = HTMLValue::create('<p>standard text</p><table><tbody><tr><th><a href="some-link">text</a></th></tr><tr><td>Header</td></tr></tbody></table>');
+        $sanitiser->sanitise($htmlValue);
+
+        $this->assertEquals('standard texttextHeader', $htmlValue->getContent());
+    }
 }