From dc7dae81c1af0513dd7d992d47fa77031e755f77 Mon Sep 17 00:00:00 2001 From: Sandra Kuipers Date: Thu, 2 Sep 2021 13:22:57 +0800 Subject: [PATCH] System: fix the Validator class so sanitizeHTML is multibyte safe --- CHANGELOG.txt | 1 + src/Data/Validator.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 688f8c3952..2b2283b763 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -22,6 +22,7 @@ v22.0.01 Messenger: fixed sanitization of text when creating new messages Bug Fixes + System: fixed the Validator class so sanitizeHTML is multibyte safe System: fixed lesson plan content in demo data System: fixed checks for existing fields in database migrations System: fixed cookie consent message to not redirect to the dashboard diff --git a/src/Data/Validator.php b/src/Data/Validator.php index e64514282d..8a2790da7f 100644 --- a/src/Data/Validator.php +++ b/src/Data/Validator.php @@ -180,6 +180,8 @@ protected function stripAttributes(&$value, &$allowableTags = []) $dom->validateOnParse=false; libxml_use_internal_errors(true); + $value = '' . mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); + if ($dom->loadHTML(''.$value.'', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD)) { // Iterate over the DOM and remove attributes not in the whitelist foreach ($dom->getElementsByTagName('*') as $node) {
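Review bot: The added `mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8')` in `stripAttributes()` treats `$value` as UTF-8 without checking it, and because `$value` is a by-reference parameter the converted string replaces the caller's copy before `loadHTML()` is known to have succeeded. Since this is the sanitizer path, input that is not valid UTF-8 should be rejected or normalised explicitly, for example behind `if (!mb_check_encoding($value, 'UTF-8'))`, rather than left to mbstring's substitution behaviour. What the caller receives when the parse fails is outside the hunk, so confirm it is not the entity-encoded but unfiltered string. The `'HTML-ENTITIES'` target is deprecated from PHP 8.2, and `mb_encode_numericentity($value, [0x80, 0x10FFFF, 0, 0x1FFFFF], 'UTF-8')` is the usual replacement for turning non-ASCII characters into entities. The leading `'' .` is a no-op as displayed (a prefix may have been lost in rendering), and the function body starts and ends outside the hunk.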