diff --git a/.gitattributes b/.gitattributes
index 0d97623..6d32411 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,11 +1,12 @@
-/tests export-ignore
-/docs export-ignore
-/client/src export-ignore
-/.gitattributes export-ignore
-/.gitignore export-ignore
-/.php_cs.dist
-/phpcs.xml.dist
-/phpstan.neon.dist
-/phpunit.xml.dist
-/.waratah export-ignore
-/README.md export-ignore
+/tests export-ignore
+/docs export-ignore
+/client/src export-ignore
+/.editorconfig export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.php-cs-fixer.dist.php export-ignore
+/phpunit.xml.dist export-ignore
+/.waratah export-ignore
+/code-of-conduct.md export-ignore
+/CONTRIBUTING.md export-ignore
+/README.md export-ignore
diff --git a/.gitignore b/.gitignore
index d2051dc..29cf005 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,4 @@
 /client/node_modules
 /vendor/
-/resources/
-/assets/
 .DS_Store
-/.php_cs.cache
-/composer.lock
-/silverstripe-cache/
+/.php_cs.fixer.cache
diff --git a/.php_cs.dist b/.php-cs-fixer.dist.php
similarity index 91%
rename from .php_cs.dist
rename to .php-cs-fixer.dist.php
index 4faac27..f9b7107 100644
--- a/.php_cs.dist
+++ b/.php-cs-fixer.dist.php
@@ -7,8 +7,8 @@ $finder = PhpCsFixer\Finder::create()
 ->in(__DIR__);
-return PhpCsFixer\Config::create()
- ->setRules([
+$config = new PhpCsFixer\Config();
+return $config->setRules([
 '@PSR2' => true,
 'array_indentation' => true,
 'array_syntax' => ['syntax' => 'short'],
diff --git a/README.md b/README.md
index 6e13a9d..f6fbf58 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Please use dedicated upload fields for handling file uploads.
 Per [composer.json](/composer.json):
-+ silverstripe/framework ^4
++ silverstripe/framework ^4.10.0
 + jQuery 3.6.0
 The field pulls in required Trumbowyg JS and CSS assets from [cdnjs.com](https://cdnjs.com) along with their respective Sub Resource Integrity (SRI) hashes.
diff --git a/composer.json b/composer.json
index 6632be8..722f223 100644
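Review bot: The new ignore entry `/.php_cs.fixer.cache` in the `.gitignore` hunk does not match the cache file PHP-CS-Fixer 3 writes by default, `.php-cs-fixer.cache`, so the cache would appear as an untracked file and could be committed by accident. Unless the fixer config sets a custom cache path outside the visible hunk, the entry should read `/.php-cs-fixer.cache`. The same hunk also stops ignoring `/composer.lock`; if the lock file is not meant to be tracked for this module, that entry should stay.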
--- a/composer.json
+++ b/composer.json
@@ -32,15 +32,12 @@
 ]
 },
 "require": {
- "silverstripe/framework" : "^4",
+ "silverstripe/framework" : "^4.10.0",
 "ezyang/htmlpurifier" : "^4.13"
 },
 "require-dev": {
- "phpunit/phpunit": "^5.7",
- "squizlabs/php_codesniffer": "^3.0",
- "friendsofphp/php-cs-fixer": "^2.18",
- "codeception/codeception" : "^2.5 | ^3 | ^4",
- "silverstripe/sqlite3": "^2",
- "symbiote/silverstripe-phpstan": "^4"
+ "phpunit/phpunit": "^9.5",
+ "friendsofphp/php-cs-fixer": "^3",
+ "silverstripe/sqlite3": "^2"
 }
 }
diff --git a/docs/en/001_index.md b/docs/en/001_index.md
index 8dd712e..e28f91c 100644
--- a/docs/en/001_index.md
+++ b/docs/en/001_index.md
@@ -8,7 +8,7 @@ The editor configuration defines a restricted set of tags for saving.
 All attributes are removed upon save, except for:
-+ the href attribute of the tag
++ the href attribute of the `` tag
 Additionally, "javascript:" is removed from the href attribute
@@ -16,7 +16,7 @@ Additionally, "javascript:" is removed from the href attribute
 By default the following tags are allowed in the editor (see _config/config.yml)
-```yaml
+```yml
 - p
 - i
 - blockquote
@@ -37,33 +37,13 @@ By default the following tags are allowed in the editor (see _config/config.yml)
 Only the `href` attribute is allowed (for links), with http or https schemes.
-If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to '

' tags only.
+If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to `

` tags only.
 The editor is provided a set of `tagsToRemove` for client-side editing (see _config/config.yml). This configuration is not used in saving the value, as value saving is determined by the `tagsToKeep` only.
 ## Options
-If no configuration is provided, the following configuration is set:
-
-```php
-$options = [
- "semantic" => true, // Generates a better, more semantic oriented HTML
- "removeformatPasted" => true, // remove pasted styles from Word and friends
- "resetCss" => true, // ref: https://alex-d.github.io/Trumbowyg/documentation/#reset-css
- "autogrow" => true, // allow the text edit zone to extend
- "buttons" => [
- [ "undo", "redo" ],
- [ "p","h3", "h4", "h5", "strong", "em" ], // basic formatting
- [ "link", "" ], // support adding links
- [ "unorderedList", "orderedList" ], // ul and ol
- [ "removeformat" ], // clear all formatting to assist with removing cruft
- [ "fullscreen" ] // go full screen edit
- ],
- "tagsToKeep" => [
- "p" // only keep

tags by default
- ]
-];
-```
+If no configuration is provided, the default configuration defined in [TrumbowygEditorField::getFieldOptions()](../../src/Fields/TrumbowygEditorField.php) is used.
 ## Basic example
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
deleted file mode 100644
index fe58f6f..0000000
--- a/phpcs.xml.dist
+++ /dev/null
@@ -1,11 +0,0 @@
- - - CodeSniffer ruleset for SilverStripe coding conventions. - - - - - - - -
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
deleted file mode 100644
index 4eff0b7..0000000
--- a/phpstan.neon.dist
+++ /dev/null
@@ -1,6 +0,0 @@
-parameters:
- autoload_directories:
- - src
- - tests
-includes:
- - vendor/symbiote/silverstripe-phpstan/phpstan.neon
diff --git a/src/Models/ContentSanitiser.php b/src/Models/ContentSanitiser.php
index 8e90ce1..4fbfb1e 100644
--- a/src/Models/ContentSanitiser.php
+++ b/src/Models/ContentSanitiser.php
@@ -28,14 +28,7 @@ class ContentSanitiser {
 * @return string
 */
 public static function getAllowedHTMLTags() : string {
- $allowedHTMLTags = "";
- if(!empty($options['tagsToKeep']) && is_array($options['tagsToKeep'])) {
- // mogrify into something for strip_tags
- $allowedHTMLTags = "<" . implode("><", $options['tagsToKeep']) . ">";
- }
- if($allowedHTMLTags == "") {
- $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
- }
+ $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
 if($allowedHTMLTags == "") {
 $allowedHTMLTags = "

";// disallow all
 }
diff --git a/tests/FieldTest.php b/tests/FieldTest.php
index e6ee235..8ac5b58 100644
--- a/tests/FieldTest.php
+++ b/tests/FieldTest.php
@@ -124,4 +124,29 @@ public function testGenerateConfig() {
 $this->assertEquals( $expected, $config, "Configuration is not as expected" );
 }
+ /**
+ * test that only

 tags are returned
+ */
+ public function testEmptyConfig() {
+ $tags = "";
+ Config::inst()->update(
+ ContentSanitiser::class,
+ 'default_allowed_html_tags',
+ $tags
+ );
+ $expectedGeneratedTags = ['p'];
+ $generatedTags = ContentSanitiser::getAllowedHTMLTagsAsArray();
+ $this->assertEquals( $expectedGeneratedTags, $generatedTags, "Generated tags should match expected");
+
+ $config = ContentSanitiser::generateConfig();
+ $expected = [
+ 'Core.Encoding' => 'UTF-8',
+ 'HTML.AllowedElements' => $expectedGeneratedTags,
+ 'HTML.AllowedAttributes' => ['href'],
+ 'URI.AllowedSchemes' => ['http','https', 'mailto', 'callto'],
+ 'Attr.ID.HTML5' => true
+ ];
+ $this->assertEquals( $expected, $config, "Configuration is not as expected" );
+ }
+
 }
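Review bot: The fallback check `if($allowedHTMLTags == "")` that survives in `ContentSanitiser::getAllowedHTMLTags()` is a loose comparison on a value read from configuration, while the method declares a `string` return type. A non-string config value (a YAML list, for instance) would skip the fallback and reach the return instead of failing closed to the restricted default. I would make the guard explicit, `if (!is_string($allowedHTMLTags) || trim($allowedHTMLTags) === '') {`, so every malformed value lands on the restricted set. The trailing comment `// disallow all` is also misleading, since the new `testEmptyConfig()` expects `['p']` for an empty configuration; `// fail closed: only paragraph tags are kept` would match what the test pins. The method's return statement lies outside the hunk.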
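Review bot: `testEmptyConfig()` never calls `getAllowedHTMLTags()`, the method this commit changes, so its string fallback is only covered if `getAllowedHTMLTagsAsArray()` happens to delegate to it, which is not visible here. A direct assertion on the returned string, plus one that runs markup containing a disallowed element through the sanitiser under the empty configuration, would pin the fail-closed behaviour rather than just the generated array. The expected `'URI.AllowedSchemes' => ['http','https', 'mailto', 'callto']` also differs from the documentation context in this commit, which states that only http or https schemes are allowed; the docs should list all four schemes. `Config::inst()->update(...)` is, as far as I know, a deprecated alias in Silverstripe 4, and `Config::modify()->set(...)` is the current form.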