From a4adad60e96cdcb8ebc87ea9f935cce47ac06a3a Mon Sep 17 00:00:00 2001
From: Guy Sartorelli
Date: Thu, 18 Apr 2024 14:28:02 +1200
Subject: [PATCH] FIX Don't skip sanitisation when no valid elements are defined
---
 src/Forms/HTMLEditor/HTMLEditorSanitiser.php | 4 ----
 .../HTMLEditor/HTMLEditorSanitiserTest.php | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/Forms/HTMLEditor/HTMLEditorSanitiser.php b/src/Forms/HTMLEditor/HTMLEditorSanitiser.php
index a075d98fa..fa23c476b 100644
--- a/src/Forms/HTMLEditor/HTMLEditorSanitiser.php
+++ b/src/Forms/HTMLEditor/HTMLEditorSanitiser.php
@@ -287,10 +287,6 @@ class HTMLEditorSanitiser
 */
 public function sanitise(HTMLValue $html)
 {
- if (!$this->elements && !$this->elementPatterns) {
- return;
- }
-
 $linkRelValue = $this->config()->get('link_rel_value');
 $doc = $html->getDocument();

diff --git a/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php b/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
index d43dd9a5f..6e68b39d6 100644
--- a/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
+++ b/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
@@ -160,4 +160,21 @@ class HTMLEditorSanitiserTest extends FunctionalTest
 $this->assertEquals($output, $htmlValue->getContent(), "{$desc} - using config type: {$configType}");
 }
 }
+
+ /**
+ * Ensure that when there are no valid elements at all for a configuration set,
+ * nothing is allowed.
+ */
+ public function testSanitiseNoValidElements(): void
+ {
+ $config = HTMLEditorConfig::get('htmleditorsanitisertest');
+ $config->setOptions(['valid_elements' => '']);
+ $config->setOptions(['extended_valid_elements' => '']);
+ $sanitiser = new HtmlEditorSanitiser($config);
+
+ $htmlValue = HTMLValue::create('

standard text

text
Header
');
+ $sanitiser->sanitise($htmlValue);
+
+ $this->assertEquals('standard texttextHeader', $htmlValue->getContent());
+ }
 }
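Review bot: `new HtmlEditorSanitiser($config)` in testSanitiseNoValidElements does not match the declared class name `HTMLEditorSanitiser`; PHP resolves class names case-insensitively once the class is loaded, but a case-sensitive autoloader path may not, so write `$sanitiser = new HTMLEditorSanitiser($config);`. The test also empties `valid_elements` on the named config `'htmleditorsanitisertest'`; if `HTMLEditorConfig::get()` hands back a shared, registry-held instance (not visible in this hunk), that state could leak into other tests in the class, so restoring the options afterwards or using a dedicated identifier would keep this fail-closed case isolated. The two `setOptions` calls can be merged into one: `$config->setOptions(['valid_elements' => '', 'extended_valid_elements' => '']);`.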