Merge branch '5' into 6

src/ORM/DataObject.php

@@ -2512,7 +2512,7 @@ public function scaffoldFormFieldForHasOne(
         $list = DataList::create(static::class);
         $threshold = DBForeignKey::config()->get('dropdown_field_threshold');
         $overThreshold = $list->count() > $threshold;
-        $field = SearchableDropdownField::create($fieldName, $fieldTitle, $list, $labelField)
+        $field = SearchableDropdownField::create($fieldName, $fieldTitle, $list, $ownerRecord->{$relationName . 'ID'}, $labelField)
             ->setIsLazyLoaded($overThreshold)
             ->setLazyLoadLimit($threshold);
         return $field;

src/View/Parsers/HTMLValue.php

@@ -32,7 +32,7 @@ public function __construct($fragment = null)
      */
     public function setContent($content)
     {
-        $content = preg_replace('#</?(html|head|body)[^>]*>#si', '', $content);
+        $content = preg_replace('#</?(html|head(?!er)|body)[^>]*>#si', '', $content);
         $html5 = new HTML5(['disable_html_ns' => true]);
         $document = $html5->loadHTML(
             '<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>' .

tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php

@@ -182,7 +182,9 @@ public function testReadonlyField()
         $this->assertEquals(
             <<<EOS
 <span class="readonly typography" id="Content">
-	<img src="/assets/HTMLEditorFieldTest/f5c7c2f814/example__ResizedImageWzEwLDIwXQ.jpg" alt="" width="10" height="20" loading="lazy">
+	<img width="10" height="20" alt="" src="/assets/HTMLEditorFieldTest/f5c7c2f814/example__ResizedImageWzEwLDIwXQ.jpg" loading="lazy">
+
+
 </span>
 
 
@@ -199,7 +201,9 @@ public function testReadonlyField()
         $this->assertEquals(
             <<<EOS
 <span class="readonly typography" id="Content">
-	<img src="/assets/HTMLEditorFieldTest/f5c7c2f814/example__ResizedImageWzEwLDIwXQ.jpg" alt="" width="10" height="20" loading="lazy">
+	<img width="10" height="20" alt="" src="/assets/HTMLEditorFieldTest/f5c7c2f814/example__ResizedImageWzEwLDIwXQ.jpg" loading="lazy">
+
+
 </span>
 
 	<input type="hidden" name="Content" value="[image src=&quot;/assets/HTMLEditorFieldTest/f5c7c2f814/example.jpg&quot; width=&quot;10&quot; height=&quot;20&quot; id=&quot;{$fileID}&quot;]" />

tests/php/View/Parsers/HTMLValueTest.php

@@ -160,4 +160,32 @@ public function testValidHTMLInNoscriptTags()
             $this->assertEquals($noscript, $value->getContent(), 'Child tags are left untouched in noscript tags.');
         }
     }
+
+    public function provideOnlyStripIntendedTags(): array
+    {
+        return [
+            [
+                'input' => '<html><head></head><body><div><p>blahblah</p></div></body></html>',
+                'expected' => '<div><p>blahblah</p></div>',
+            ],
+            [
+                'input' => '<html><head></head><body><header></header><div><p>blahblah</p></div></body></html>',
+                'expected' => '<header></header><div><p>blahblah</p></div>',
+            ],
+            [
+                'input' => '<html some-attribute another-attribute="something"><head></head><body><div><p>blahblah</p></div></body></html>',
+                'expected' => '<div><p>blahblah</p></div>',
+            ],
+        ];
+    }
+
+    /**
+     * @dataProvider provideOnlyStripIntendedTags
+     */
+    public function testOnlyStripIntendedTags(string $input, string $expected): void
+    {
+        $value = new HTMLValue();
+        $value->setContent($input);
+        $this->assertEquals($expected, $value->getContent(), 'Invalid HTML can be parsed');
+    }
 }