Leave Alone
Leave Alone
Strip parentBut keep children in order', 'Non-whitelisted elements are stripped, but children are kept' ], [ 'p,strong', 'Keep
', 'Keep
', 'Non-whitelisted script elements are totally stripped, including any children' ], [ 'p[id]', 'Test
', 'Test
', 'Non-whitelisted attributes are stripped' ], [ 'p[default1=default1|default2=default2|force1:force1|force2:force2]', 'Test
', 'Test
', 'Default attributes are set when not present in input, forced attributes are always set' ], [ 'a[href|target|rel]', 'Test', 'Test', 'noopener rel attribute is added when target attribute is set' ], [ 'a[href|target|rel]', 'Test', 'Test', 'noopener rel attribute is added when target is _top instead of _blank' ], [ 'a[href|target|rel]', 'Test', 'Test', 'noopener rel attribute is removed when target is not set' ], [ 'a[href|target|rel]', 'Test', 'Test', 'noopener rel attribute is removed when link_rel_value is an empty string' ], [ 'a[href|target|rel]', 'Test', 'Test', 'noopener rel attribute is unchanged when link_rel_value is null' ], [ 'a[href|target|rel]', 'Test', 'Test', 'Javascript in the href attribute of a link is completely removed' ], [ 'a[href|target|rel]', 'Test', 'Test', 'Javascript in the href attribute of a link is completely removed even for multiline markup' ], [ 'map[name],area[href|shape|coords]', '', '', 'Javascript in the href attribute of a map\'s clickable area is completely removed' ], [ 'iframe[src]', '', '', 'Javascript in the src attribute of an iframe is completely removed' ], ]; $config = HTMLEditorConfig::get('htmleditorsanitisertest'); foreach ($tests as $test) { list($validElements, $input, $output, $desc) = $test; $config->setOptions(['valid_elements' => $validElements]); $sanitiser = new HtmlEditorSanitiser($config); $value = 'noopener noreferrer'; if (strpos($desc ?? '', 'link_rel_value is an empty string') !== false) { $value = ''; } elseif (strpos($desc ?? '', 'link_rel_value is null') !== false) { $value = null; } Config::inst()->set(HTMLEditorSanitiser::class, 'link_rel_value', $value); $htmlValue = HTMLValue::create($input); $sanitiser->sanitise($htmlValue); $this->assertEquals($output, $htmlValue->getContent(), $desc); } } }