Content filter: Allowed custom diagram attribute in allow-list

ssddanbrown · ssddanbrown · commit a8d96fd3892c · 2026-02-18T19:33:35.000Z
For #6026
diff --git a/app/Util/ConfiguredHtmlPurifier.php b/app/Util/ConfiguredHtmlPurifier.php
@@ -134,6 +134,13 @@ public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): vo
                 'value' => 'Text',
             ]
         );
+
+        // Allow the drawio-diagram attribute on div elements
+        $definition->addAttribute(
+            'div',
+            'drawio-diagram',
+            'Number',
+        );
     }
 
     public function purify(string $html): string
diff --git a/tests/Entity/PageContentFilteringTest.php b/tests/Entity/PageContentFilteringTest.php
@@ -463,6 +463,7 @@ public function test_allow_list_style_filtering()
             '<div style="position:absolute;left:0;color:#00FFEE;">Hello!</div>' => '<div style="color:#00FFEE;">Hello!</div>',
             '<div style="background:#FF0000;left:0;color:#00FFEE;">Hello!</div>' => '<div style="background:#FF0000;color:#00FFEE;">Hello!</div>',
             '<div style="color:#00FFEE;">Hello!<style>testinghello!</style></div>' => '<div style="color:#00FFEE;">Hello!</div>',
+            '<div drawio-diagram="5332" another-attr="cat">Hello!</div>' => '<div drawio-diagram="5332">Hello!</div>',
         ];
 
         config()->set('app.content_filtering', 'a');

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,13 @@ public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): vo`
`134`	`134`	`'value' => 'Text',`
`135`	`135`	`]`
`136`	`136`	`);`
	`137`	`+`
	`138`	`+ // Allow the drawio-diagram attribute on div elements`
	`139`	`+ $definition->addAttribute(`
	`140`	`+ 'div',`
	`141`	`+ 'drawio-diagram',`
	`142`	`+ 'Number',`
	`143`	`+ );`
`137`	`144`	`}`
`138`	`145`
`139`	`146`	`public function purify(string $html): string`