Use toString
instead of html
The content saved to the database already encodes content that needs encoding, e.g. <script> tags. The problem with pQuery's `html` method is that it decodes everything. By using toString instead, we should get the same contents that were saved to the database. MAILPOET-5632
committed by
Aschepikov
parent
efc80b0476
commit
dae1cb19a8
@@ -38,7 +38,7 @@ class Text {
|
||||
if (preg_match('/h\d/', $paragraph->getTag())) {
|
||||
$contents[] = $paragraph->getOuterText();
|
||||
} else {
|
||||
$contents[] = str_replace('&', '&', $paragraph->html());
|
||||
$contents[] = $paragraph->toString(true, true, 1);
|
||||
}
|
||||
if ($index + 1 < $paragraphs->count()) $contents[] = '<br />';
|
||||
$paragraph->remove();
|
||||
@@ -105,7 +105,7 @@ class Text {
|
||||
if (!preg_match('/text-align/i', $style)) {
|
||||
$style = 'text-align: left;' . $style;
|
||||
}
|
||||
$contents = str_replace('&', '&', $paragraph->html());
|
||||
$contents = $paragraph->toString(true, true, 1);
|
||||
$paragraph->setTag('table');
|
||||
$paragraph->style = 'border-spacing:0;mso-table-lspace:0;mso-table-rspace:0;';
|
||||
$paragraph->width = '100%';
|
||||
@@ -144,7 +144,7 @@ class Text {
|
||||
if (!$lists->count()) return $html;
|
||||
foreach ($lists as $list) {
|
||||
if ($list->tag === 'li') {
|
||||
$list->setInnertext(str_replace('&', '&', $list->html()));
|
||||
$list->setInnertext($list->toString(true, true, 1));
|
||||
$list->class = 'mailpoet_paragraph';
|
||||
} else {
|
||||
$list->class = 'mailpoet_paragraph';
|
||||
|
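Review bot: The heading branch at the top of the first hunk still returns `$paragraph->getOuterText()`, and nothing on this page shows whether that call decodes entities the way `html()` did; if it does, an encoded script tag stored inside an `h1`–`h6` would still be emitted decoded, so it is worth confirming and covering with a heading case in the tests. The three replacement calls pass bare positional arguments, `toString(true, true, 1)`, whose meaning is not visible here; a comment at each site such as `// inner markup exactly as stored; html() decodes entities and could revive encoded tags` would keep a later cleanup from switching back. The removed `str_replace` around `html()` appears to have normalised ampersand entities (the page shows it with the entity already decoded), so confirm that link URLs containing `&` still render as intended. All three enclosing methods start and end outside the hunks.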
@@ -185,4 +185,39 @@ class TextTest extends \MailPoetUnitTest {
|
||||
$output = (new Text)->render($this->block);
|
||||
expect($output)->stringNotContainsString('<br />');
|
||||
}
|
||||
|
||||
public function htmlEntitiesStrings() {
|
||||
return [
|
||||
'paragraph' => ["<p>Text <script>alert('test');</script></p>"],
|
||||
'list' => ["<ul>Text <script>alert('test');</script></li></ul>"],
|
||||
'blockquote' => ["<ul>Text <script>alert('test');</script></li></ul>"],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider htmlEntitiesStrings
|
||||
*/
|
||||
public function testItDoesNotDecodeHtmlEntities($htmlString) {
|
||||
$this->block['text'] = $htmlString;
|
||||
$output = (new Text())->render($this->block);
|
||||
expect($output)->stringNotContainsString('<script>');
|
||||
expect($output)->stringContainsString("<script>alert('test');</script>");
|
||||
}
|
||||
|
||||
public function childElementStrings(): array {
|
||||
return [
|
||||
'paragraph' => ['<p><a href="https://example.com">Link</a></p>'],
|
||||
'list' => ['<p><ul><li><a href="https://example.com">Link</li></ul></a></p>'],
|
||||
'blockquote' => ['<blockquote><p><a href="https://example.com">Link</a></p></blockquote>'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider childElementStrings
|
||||
*/
|
||||
public function testItMaintainsHtmlInChildElements($htmlString) {
|
||||
$this->block['text'] = $htmlString;
|
||||
$output = (new Text())->render($this->block);
|
||||
expect($output)->stringContainsString('<a href="https://example.com">Link</a>');
|
||||
}
|
||||
}
|
||||
|
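Review bot: The `'blockquote'` case in `htmlEntitiesStrings()` is the same `<ul>` string as the `'list'` case, so the blockquote path is never exercised, and the `'list'` string has a closing `</li>` with no opening `<li>`, so whether the `li` branch changed by this commit actually runs depends on how the parser repairs the markup. Assuming the fixtures carry entity-encoded tags (this page appears to show them decoded, which is why the two `expect` lines look contradictory), the cases would read `'list' => ["<ul><li>Text &lt;script&gt;alert('test');&lt;/script&gt;</li></ul>"],` and `'blockquote' => ["<blockquote><p>Text &lt;script&gt;alert('test');&lt;/script&gt;</p></blockquote>"],`. The `'list'` case in `childElementStrings()` is also mis-nested (the `<a>` closes after `</ul>`), so it asserts on parser repair rather than on a well-formed link inside a list item.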