Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTMLValue setContent preg_replace stripping <header> tags #11298

Closed
2 tasks done
tomtom25 opened this issue Jul 3, 2024 · 1 comment
Closed
2 tasks done

HTMLValue setContent preg_replace stripping <header> tags #11298

tomtom25 opened this issue Jul 3, 2024 · 1 comment

Comments

@tomtom25
Copy link

tomtom25 commented Jul 3, 2024

Module version(s) affected

5.2.0

Description

In your dataobject when you use the 'htmltext' db field type the corresponding htmleditorfield class calls saveInto which passes the value to the HTMLValue class. Its constructor calls setContent which does a preg_replace on the html content and if you have any <header> tags in your content, it gets stripped out by the regex preg_replace.

How to reproduce

public function setContent($content)
    {
        $content = preg_replace('#</?(html|head|body)[^>]*>#si', '', $content);
        $html5 = new HTML5(['disable_html_ns' => true]);
        $document = $html5->loadHTML(
            '<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>' .
            "<body>$content</body></html>"
        );
        if ($document) {
            $this->setDocument($document);
            return true;
        }
        $this->valid = false;
        return false;
    }  
  1. HTMLEditorConfig::get('cms')->setOption('extended_valid_elements', 'header[class|data|id],'); // Make sure the editor itself doesn't strip out tags
  2. Create a page
  3. Click the source button on the wysiwyg editor
  4. Add html content that includes a tag
  5. click save or publish
  6. click the source button and see the content is now missing the tag

Possible Solution

replace $content = preg_replace('#</?(html|head|body)[^>]*>#si', '', $content);

with $content = preg_replace('#</?(html|head(?!er)|body)[^>]*>#si', '', $content);

or a regex that accomplishes the same result

Additional Context

No response

Validations

  • Check that there isn't already an issue that reports the same bug
  • Double check that your reproduction steps work in a fresh installation of silverstripe/installer (with any code examples you've provided)

PRs

@emteknetnz
Copy link
Member

Linked PR has been merged, it will be automatically tagged shortly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants