Skip to content

Commit

Permalink
System: fix the Validator class so sanitizeHTML is multibyte safe
Browse files Browse the repository at this point in the history
  • Loading branch information
@SKuipers
SKuipers committed Sep 2, 2021
1 parent aa63ae0 commit dc7dae8
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ v22.0.01
Messenger: fixed sanitization of text when creating new messages

Bug Fixes
System: fixed the Validator class so sanitizeHTML is multibyte safe
System: fixed lesson plan content in demo data
System: fixed checks for existing fields in database migrations
System: fixed cookie consent message to not redirect to the dashboard
Expand Down
2 changes: 2 additions & 0 deletions src/Data/Validator.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,8 @@ protected function stripAttributes(&$value, &$allowableTags = [])
$dom->validateOnParse=false;
libxml_use_internal_errors(true);

$value = '<?xml encoding="utf-8" ?>' . mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8');

if ($dom->loadHTML('<body>'.$value.'</body>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD)) {
// Iterate over the DOM and remove attributes not in the whitelist
foreach ($dom->getElementsByTagName('*') as $node) {
Expand Down

0 comments on commit dc7dae8

Please sign in to comment.