
Commit 7aef0a4

committed
Content: Updated filters to allow some required attributes
- Allows target attribute on links. - Allows custom mention attribute on links. Adds test case to cover these. For #6034
1 parent 8020451 commit 7aef0a4


2 files changed

+29
-0
lines changed


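--- a/app/Util/ConfiguredHtmlPurifier.php
+++ b/app/Util/ConfiguredHtmlPurifier.php
@@ -71,6 +71,8 @@ protected function setConfig(HTMLPurifier_Config $config, string $cachePath): vo
 $config->set('Core.AllowHostnameUnderscore', true);
 $config->set('CSS.AllowTricky', true);
 $config->set('HTML.SafeIframe', true);
+$config->set('HTML.TargetNoopener', false);
+$config->set('HTML.TargetNoreferrer', false);
 $config->set('Attr.EnableID', true);
 $config->set('Attr.ID.HTML5', true);
 $config->set('Output.FixInnerHTML', false);
@@ -141,6 +143,12 @@ public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): vo
 'drawio-diagram',
 'Number',
 );
+
+// Allow target="_blank" on links
+$definition->addAttribute('a', 'target', 'Enum#_blank');
+
+// Allow mention-ids on links
+$definition->addAttribute('a', 'data-mention-user-id', 'Number');
 }
 
 public function purify(string $html): string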
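Review bot: Turning off `HTML.TargetNoopener` and `HTML.TargetNoreferrer` in setConfig, in the same commit that lets `target="_blank"` through on user-authored links in configureDefinition, drops the `rel="noopener noreferrer"` that HTML Purifier adds by default, and nothing in the hunk says why. Current browsers treat `_blank` as noopener on their own, but older ones leave `window.opener` available to the destination page, and without noreferrer the page URL goes to external sites in the Referer header unless a referrer policy is set elsewhere. If the intent is to keep saved HTML unchanged on output (the new test asserts the input verbatim), record that above the two lines, for example `// rel is not auto-added so stored content round-trips unchanged; _blank is the only target allowed`, or leave `HTML.TargetNoopener` at its default and adjust the expected output in the test. Both function bodies continue outside the hunks shown.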

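--- a/tests/Entity/PageContentFilteringTest.php
+++ b/tests/Entity/PageContentFilteringTest.php
@@ -478,4 +478,25 @@ public function test_allow_list_style_filtering()
 $resp->assertSee($expected, false);
 }
 }
+
+public function test_allow_list_does_not_filter_cases()
+{
+$testCasesExpectedByInput = [
+'<p><a href="https://example.com" target="_blank">New tab linkydoodle</a></p>',
+'<p><a href="https://example.com/user/1" data-mention-user-id="5">@mentionusertext</a></p>',
+'<details><summary>Hello</summary><p>Mydetailshere</p></details>',
+];
+
+config()->set('app.content_filtering', 'a');
+$page = $this->entities->page();
+$this->asEditor();
+
+foreach ($testCasesExpectedByInput as $input) {
+$page->html = $input;
+$page->save();
+$resp = $this->get($page->getUrl());
+
+$resp->assertSee($input, false);
+}
+}
 }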
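Review bot: test_allow_list_does_not_filter_cases only asserts that accepted markup survives, so nothing pins the limits of the two new attribute rules. A companion case showing that a `target` value other than `_blank` and a non-numeric `data-mention-user-id` are removed from the rendered page would guard against the allow list being widened by accident later. The array is also a plain list rather than an input-to-expected map, so `$testCasesExpectedByInput` is misleading; a name such as `$unchangedCases` would match how the loop uses it.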
