From 88c698796b2097301d494a9109631aa2bc96ec48 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sun, 5 Sep 2021 23:52:39 +0100
Subject: [PATCH] Fixed issue with HTML tags in custom head scripts Fixes a strange issue of HTML tags within script tags being malformed when part of the HTML custom head content due to the PHP parsing we do. DOMDocument seemed to cause this upon load. Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but not really sure why. Doesn't seem to cause further issues though. Tested with multiple scripts and styles and comments and meta tags. - Also added new testing class to cover. - As part of testing, added new folder within tests to house setting specific tests. For #2914
---
 app/Util/HtmlNonceApplicator.php | 5 ++--
 tests/Settings/CustomHeadContentTest.php | 30 ++++++++++++++++++++++++
 tests/{ => Settings}/FooterLinksTest.php | 2 +-
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 tests/Settings/CustomHeadContentTest.php
 rename tests/{ => Settings}/FooterLinksTest.php (98%)
diff --git a/app/Util/HtmlNonceApplicator.php b/app/Util/HtmlNonceApplicator.php
index e66625bf2..52f334394 100644
--- a/app/Util/HtmlNonceApplicator.php
+++ b/app/Util/HtmlNonceApplicator.php
@@ -24,7 +24,7 @@ class HtmlNonceApplicator
 $html = '' . $html . '';
 libxml_use_internal_errors(true);
 $doc = new DOMDocument();
- $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
+ $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'), LIBXML_SCHEMA_CREATE);
 $xPath = new DOMXPath($doc);
 // Apply to scripts
@@ -38,7 +38,8 @@ class HtmlNonceApplicator
 $returnHtml = '';
 $topElems = $doc->documentElement->childNodes->item(0)->childNodes;
 foreach ($topElems as $child) {
- $returnHtml .= $doc->saveHTML($child);
+ $content = $doc->saveHTML($child);
+ $returnHtml .= $content;
 }
 return $returnHtml;
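Review bot: The `LIBXML_SCHEMA_CREATE` argument added to `loadHTML()` in the first hunk of HtmlNonceApplicator.php has no comment, and the commit message itself says it is not clear why it helps. The constant is documented for XSD schema validation, so its effect here most likely comes from its integer value being read as an HTML parser option (it appears to coincide with libxml's recover flag); that is worth confirming. Judging by the class name and the `// Apply to scripts` comment, this code selects the elements that receive the CSP nonce, so an unexplained change to how script bodies are parsed deserves a record in the code itself. I would add above the call something like `// LIBXML_SCHEMA_CREATE: workaround so markup inside <script> bodies is kept as text, see #2914 and CustomHeadContentTest`. The enclosing method starts and ends outside the hunk.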
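Review bot: In the second hunk of HtmlNonceApplicator.php (the `foreach` over `$topElems`), the new `$content` variable is assigned and then appended on the next line without being inspected, so it reads like a debugging leftover. `DOMDocument::saveHTML()` can return `false`, which the concatenation turns into an empty string, so a node that fails to serialise would silently vanish from the custom head output. Either restore the single line `$returnHtml .= $doc->saveHTML($child);` or make the variable earn its place with `if ($content !== false) { $returnHtml .= $content; }`. The loop sits in a method whose start is outside the hunk.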
diff --git a/tests/Settings/CustomHeadContentTest.php b/tests/Settings/CustomHeadContentTest.php new file mode 100644 index 000000000..0e44e3ed3 --- /dev/null +++ b/tests/Settings/CustomHeadContentTest.php @@ -0,0 +1,30 @@ +setSettings(['app-custom-head' => '']); + $resp = $this->get('/login'); + $resp->assertSee('console.log("cat")'); + } + + public function test_configured_content_does_not_show_on_settings_page() + { + $this->setSettings(['app-custom-head' => '']); + $resp = $this->asAdmin()->get('/settings'); + $resp->assertDontSee('console.log("cat")'); + } + + public function test_divs_in_js_preserved_in_configured_content() + { + $this->setSettings(['app-custom-head' => '']); + $resp = $this->get('/login'); + $resp->assertSee('
cat
'); + } +} \ No newline at end of file diff --git a/tests/FooterLinksTest.php b/tests/Settings/FooterLinksTest.php similarity index 98% rename from tests/FooterLinksTest.php rename to tests/Settings/FooterLinksTest.php index cb2959411..f26f809d5 100644 --- a/tests/FooterLinksTest.php +++ b/tests/Settings/FooterLinksTest.php @@ -1,4 +1,4 @@ -