Commit 1d8f75b3 authored by alexpott's avatar alexpott

Issue #2315255 by Dave Reid: Fixed Xss::split() fails on custom HTML elements...

Issue #2315255 by Dave Reid: Fixed Xss::split() fails on custom HTML elements with dashes in the name.
parent dd0c49dc
...@@ -152,7 +152,7 @@ protected static function split($string, $html_tags, $split_mode) { ...@@ -152,7 +152,7 @@ protected static function split($string, $html_tags, $split_mode) {
return '<'; return '<';
} }
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) { if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed. // Seriously malformed.
return ''; return '';
} }
......
...@@ -59,11 +59,19 @@ protected function setUp() { ...@@ -59,11 +59,19 @@ protected function setUp() {
* The expected result. * The expected result.
* @param string $message * @param string $message
* The assertion message to display upon failure. * The assertion message to display upon failure.
* @param array $allowed_tags
* (optional) The allowed HTML tags to be passed to \Drupal\Component\Utility\Xss::filter().
* *
* @dataProvider providerTestFilterXssNormalized * @dataProvider providerTestFilterXssNormalized
*/ */
public function testFilterXssNormalized($value, $expected, $message) { public function testFilterXssNormalized($value, $expected, $message, array $allowed_tags = NULL) {
$this->assertNormalized(Xss::filter($value), $expected, $message); if ($allowed_tags === NULL) {
$value = Xss::filter($value);
}
else {
$value = Xss::filter($value, $allowed_tags);
}
$this->assertNormalized($value, $expected, $message);
} }
/** /**
...@@ -76,6 +84,8 @@ public function testFilterXssNormalized($value, $expected, $message) { ...@@ -76,6 +84,8 @@ public function testFilterXssNormalized($value, $expected, $message) {
* - The value to filter. * - The value to filter.
* - The value to expect after filtering. * - The value to expect after filtering.
* - The assertion message. * - The assertion message.
* - (optional) The allowed HTML HTML tags array that should be passed to
* \Drupal\Component\Utility\Xss::filter().
*/ */
public function providerTestFilterXssNormalized() { public function providerTestFilterXssNormalized() {
return array( return array(
...@@ -94,6 +104,13 @@ public function providerTestFilterXssNormalized() { ...@@ -94,6 +104,13 @@ public function providerTestFilterXssNormalized() {
"who&amp;#039; online", "who&amp;#039; online",
'HTML filter -- double encoded html entity number', 'HTML filter -- double encoded html entity number',
), ),
// Custom elements with dashes in the tag name.
array(
"<test-element></test-element>",
"<test-element></test-element>",
'Custom element with dashes in tag name.',
array('test-element'),
),
); );
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment