Add function dol_string_onlythesehtmlattributes() and option

MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES to enable it.
Laurent Destailleur
2021-03-17 21:36:20 +01:00
parent 11427cd49c
commit 35869f1449
2 changed files with 62 additions and 2 deletions


@@ -571,6 +571,21 @@ class SecurityTest extends PHPUnit\Framework\TestCase
return 0;
}
/**
* testDolStringOnlyTheseHtmlAttributes
*
* @return number
*/
public function testDolStringOnlyTheseHtmlAttributes()
{
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$decodedstring = preg_replace("/\n$/", "", $decodedstring);
$this->assertEquals('<div><a href="123"><span class="abc">abc</span></a></div>', $decodedstring, 'Function did not sanitize correclty with test 1');
return 0;
}
/**
* testGetRandomPassword
*
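Review bot: The test added in `testDolStringOnlyTheseHtmlAttributes()` pins a single case (a lowercase, double-quoted `onload` on a `div`), which is thin coverage for a function that the commit title presents as an HTML sanitizing step. I would add assertions for an upper-case handler name, a single-quoted value and two disallowed attributes on one element, for example `$this->assertEquals('<div><b>x</b></div>', preg_replace("/\n$/", "", dol_string_onlythesehtmlattributes("<div ONCLICK='ee' onmouseover=\"ff\"><b>x</b></div>")), 'Function did not sanitize correctly with test 2');` (expected string to be confirmed against the implementation, which is not in this section). The test also only shows that `href` is kept, not what happens to its value, so a comment such as `// Only attribute names are filtered here; attribute values (e.g. URL schemes in href) are checked elsewhere` would make the scope explicit if that is indeed the design. Minor: the assertion message has a typo (`correclty`), `@return number` should be `@return int`, and the `preg_replace("/\n$/", ...)` line deserves a short comment saying why a trailing newline is stripped.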