FIX Don't skip sanitisation when no valid elements are defined

This commit is contained in:
Guy Sartorelli 2024-04-18 14:28:02 +12:00
parent 584968e80c
commit a4adad60e9
No known key found for this signature in database
GPG Key ID: F313E3B9504D496A
2 changed files with 17 additions and 4 deletions

View File

@ -287,10 +287,6 @@ class HTMLEditorSanitiser
*/
public function sanitise(HTMLValue $html)
{
if (!$this->elements && !$this->elementPatterns) {
return;
}
$linkRelValue = $this->config()->get('link_rel_value');
$doc = $html->getDocument();

View File

@ -160,4 +160,21 @@ class HTMLEditorSanitiserTest extends FunctionalTest
$this->assertEquals($output, $htmlValue->getContent(), "{$desc} - using config type: {$configType}");
}
}
/**
* Ensure that when there are no valid elements at all for a configuration set,
* nothing is allowed.
*/
public function testSanitiseNoValidElements(): void
{
$config = HTMLEditorConfig::get('htmleditorsanitisertest');
$config->setOptions(['valid_elements' => '']);
$config->setOptions(['extended_valid_elements' => '']);
$sanitiser = new HtmlEditorSanitiser($config);
$htmlValue = HTMLValue::create('<p>standard text</p><table><tbody><tr><th><a href="some-link">text</a></th></tr><tr><td>Header</td></tr></tbody></table>');
$sanitiser->sanitise($htmlValue);
$this->assertEquals('standard texttextHeader', $htmlValue->getContent());
}
}