From b08cbd422462c8f5ac19be76bff9c5323e8cfc92 Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 16:20:23 +1100
Subject: [PATCH 1/6] Bump minimum framework support to 4.10.0 with phpunit version update
---
 composer.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/composer.json b/composer.json
index 6632be8..74acee3 100644
--- a/composer.json
+++ b/composer.json
@@ -32,11 +32,11 @@
 ]
 },
 "require": {
- "silverstripe/framework" : "^4",
+ "silverstripe/framework" : "^4.10.0",
 "ezyang/htmlpurifier" : "^4.13"
 },
 "require-dev": {
- "phpunit/phpunit": "^5.7",
+ "phpunit/phpunit": "^9.5",
 "squizlabs/php_codesniffer": "^3.0",
 "friendsofphp/php-cs-fixer": "^2.18",
 "codeception/codeception" : "^2.5 | ^3 | ^4",
From bbb225c87a54956764da9953fb93bb7cae2cd5b0 Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 17:05:49 +1100
Subject: [PATCH 2/6] Update module standard files, documentation and dev requirements
---
 .gitattributes | 23 ++++++++++++-----------
 .gitignore | 6 +-----
 .php_cs.dist => .php-cs-fixer.dist.php | 4 ++--
 README.md | 2 +-
 composer.json | 7 ++-----
 phpcs.xml.dist | 11 -----------
 phpstan.neon.dist | 6 ------
 7 files changed, 18 insertions(+), 41 deletions(-)
 rename .php_cs.dist => .php-cs-fixer.dist.php (91%)
 delete mode 100644 phpcs.xml.dist
 delete mode 100644 phpstan.neon.dist
diff --git a/.gitattributes b/.gitattributes
index 0d97623..6d32411 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,11 +1,12 @@
-/tests export-ignore
-/docs export-ignore
-/client/src export-ignore
-/.gitattributes export-ignore
-/.gitignore export-ignore
-/.php_cs.dist
-/phpcs.xml.dist
-/phpstan.neon.dist
-/phpunit.xml.dist
-/.waratah export-ignore
-/README.md export-ignore
+/tests export-ignore
+/docs export-ignore
+/client/src export-ignore
+/.editorconfig export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.php-cs-fixer.dist.php export-ignore
+/phpunit.xml.dist export-ignore
+/.waratah export-ignore
+/code-of-conduct.md export-ignore
+/CONTRIBUTING.md export-ignore
+/README.md export-ignore
diff --git a/.gitignore b/.gitignore
index d2051dc..29cf005 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,4 @@
 /client/node_modules
 /vendor/
-/resources/
-/assets/
 .DS_Store
-/.php_cs.cache
-/composer.lock
-/silverstripe-cache/
+/.php_cs.fixer.cache
diff --git a/.php_cs.dist b/.php-cs-fixer.dist.php
similarity index 91%
rename from .php_cs.dist
rename to .php-cs-fixer.dist.php
index 4faac27..f9b7107 100644
--- a/.php_cs.dist
+++ b/.php-cs-fixer.dist.php
@@ -7,8 +7,8 @@ $finder = PhpCsFixer\Finder::create() ->in(__DIR__);
-return PhpCsFixer\Config::create()
- ->setRules([
+$config = new PhpCsFixer\Config();
+return $config->setRules([
 '@PSR2' => true,
 'array_indentation' => true,
 'array_syntax' => ['syntax' => 'short'],
diff --git a/README.md b/README.md
index 6e13a9d..f6fbf58 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Please use dedicated upload fields for handling file uploads. Per [composer.json](/composer.json):
-+ silverstripe/framework ^4
++ silverstripe/framework ^4.10.0
 + jQuery 3.6.0
 The field pulls in required Trumbowyg JS and CSS assets from [cdnjs.com](https://cdnjs.com) along with their respective Sub Resource Integrity (SRI) hashes.
diff --git a/composer.json b/composer.json
index 74acee3..722f223 100644
--- a/composer.json
+++ b/composer.json
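Review bot: In the .gitignore hunk the new entry `/.php_cs.fixer.cache` does not match the cache file that php-cs-fixer 3 writes by default, `.php-cs-fixer.cache`, so the cache would show up as an untracked file and could be committed by accident. Unless the fixer config sets a custom cache path outside the visible lines, the entry should read `/.php-cs-fixer.cache`.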
@@ -37,10 +37,7 @@
 },
 "require-dev": {
 "phpunit/phpunit": "^9.5",
- "squizlabs/php_codesniffer": "^3.0",
- "friendsofphp/php-cs-fixer": "^2.18",
- "codeception/codeception" : "^2.5 | ^3 | ^4",
- "silverstripe/sqlite3": "^2",
- "symbiote/silverstripe-phpstan": "^4"
+ "friendsofphp/php-cs-fixer": "^3",
+ "silverstripe/sqlite3": "^2"
 }
 }
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
deleted file mode 100644
index fe58f6f..0000000
--- a/phpcs.xml.dist
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
- CodeSniffer ruleset for SilverStripe coding conventions.
-
-
-
-
-
-
-
-
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
deleted file mode 100644
index 4eff0b7..0000000
--- a/phpstan.neon.dist
+++ /dev/null
@@ -1,6 +0,0 @@
-parameters:
- autoload_directories:
- - src
- - tests
-includes:
- - vendor/symbiote/silverstripe-phpstan/phpstan.neon
From 9a6248d707c959bd232699c3c32192ef121cbfda Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 17:16:27 +1100
Subject: [PATCH 3/6] Fix: correctly format HTML tags in documentation
---
 docs/en/001_index.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/en/001_index.md b/docs/en/001_index.md
index 8dd712e..8d7dbe6 100644
--- a/docs/en/001_index.md
+++ b/docs/en/001_index.md
@@ -8,7 +8,7 @@ The editor configuration defines a restricted set of tags for saving. All attributes are removed upon save, except for:
-+ the href attribute of the tag
++ the href attribute of the `` tag
 Additionally, "javascript:" is removed from the href attribute
@@ -16,7 +16,7 @@ Additionally, "javascript:" is removed from the href attribute
 By default the following tags are allowed in the editor (see _config/config.yml)
-```yaml
+```yml
 - p
 - i
 - blockquote
@@ -37,7 +37,7 @@ By default the following tags are allowed in the editor (see _config/config.yml)
 Only the `href` attribute is allowed (for links), with http or https schemes.
-If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to '

' tags only.
+If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to `

` tags only.
 The editor is provided a set of `tagsToRemove` for client-side editing (see _config/config.yml). This configuration is not used in saving the value, as value saving is determined by the `tagsToKeep` only.
From 6f9930b4bd9584435b24a20ab7680637db27932b Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 17:23:41 +1100
Subject: [PATCH 4/6] Docs: reference the configuration rather than copy it to avoid going stale
---
 docs/en/001_index.md | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)
diff --git a/docs/en/001_index.md b/docs/en/001_index.md
index 8d7dbe6..e28f91c 100644
--- a/docs/en/001_index.md
+++ b/docs/en/001_index.md
@@ -43,27 +43,7 @@ The editor is provided a set of `tagsToRemove` for client-side editing (see _con
 ## Options
-If no configuration is provided, the following configuration is set:
-
-```php
-$options = [
- "semantic" => true, // Generates a better, more semantic oriented HTML
- "removeformatPasted" => true, // remove pasted styles from Word and friends
- "resetCss" => true, // ref: https://alex-d.github.io/Trumbowyg/documentation/#reset-css
- "autogrow" => true, // allow the text edit zone to extend
- "buttons" => [
- [ "undo", "redo" ],
- [ "p","h3", "h4", "h5", "strong", "em" ], // basic formatting
- [ "link", "" ], // support adding links
- [ "unorderedList", "orderedList" ], // ul and ol
- [ "removeformat" ], // clear all formatting to assist with removing cruft
- [ "fullscreen" ] // go full screen edit
- ],
- "tagsToKeep" => [
- "p" // only keep

 tags by default
- ]
-];
-```
+If no configuration is provided, the default configuration defined in [TrumbowygEditorField::getFieldOptions()](../../src/Fields/TrumbowygEditorField.php) is used.
 ## Basic example
From f93840dd88b865b6023124990f2aced19656cfd5 Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 17:32:34 +1100
Subject: [PATCH 5/6] Remove code that will never be used (no options)
---
 src/Models/ContentSanitiser.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/Models/ContentSanitiser.php b/src/Models/ContentSanitiser.php
index 8e90ce1..4fbfb1e 100644
--- a/src/Models/ContentSanitiser.php
+++ b/src/Models/ContentSanitiser.php
@@ -28,14 +28,7 @@ class ContentSanitiser {
 * @return string
 */
 public static function getAllowedHTMLTags() : string {
- $allowedHTMLTags = "";
- if(!empty($options['tagsToKeep']) && is_array($options['tagsToKeep'])) {
- // mogrify into something for strip_tags
- $allowedHTMLTags = "<" . implode("><", $options['tagsToKeep']) . ">";
- }
- if($allowedHTMLTags == "") {
- $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
- }
+ $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
 if($allowedHTMLTags == "") {
 $allowedHTMLTags = "

";// disallow all
 }
From cbe22b76b0afd4cb8729d98db9c61bcfb67179b6 Mon Sep 17 00:00:00 2001
From: "James (DPC)"
Date: Tue, 11 Oct 2022 17:35:23 +1100
Subject: [PATCH 6/6] NEW: add test for empty configuration (p tag only)
---
 tests/FieldTest.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/tests/FieldTest.php b/tests/FieldTest.php
index e6ee235..8ac5b58 100644
--- a/tests/FieldTest.php
+++ b/tests/FieldTest.php
@@ -124,4 +124,29 @@ public function testGenerateConfig() {
 $this->assertEquals( $expected, $config, "Configuration is not as expected" );
 }
+ /**
+ * test that only
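Review bot: The guard that remains in getAllowedHTMLTags(), `if($allowedHTMLTags == "")`, only falls back for values that loosely equal an empty string, so a whitespace-only config value passes it, and a non-string value (an array from YAML, for instance) would presumably reach the `: string` return instead of the fallback. Because this value is the sanitiser's tag allow-list, the check is safer as `if (!is_string($allowedHTMLTags) || trim($allowedHTMLTags) === '') {`. The trailing comment `// disallow all` is also misleading: going by the docs and the test added in patch 6, the fallback keeps the p tag, so `// fall back to paragraph tags only` would be accurate. The function body continues outside the hunk, so the return statement is not visible here.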

 tags are returned
+ */
+ public function testEmptyConfig() {
+ $tags = "";
+ Config::inst()->update(
+ ContentSanitiser::class,
+ 'default_allowed_html_tags',
+ $tags
+ );
+ $expectedGeneratedTags = ['p'];
+ $generatedTags = ContentSanitiser::getAllowedHTMLTagsAsArray();
+ $this->assertEquals( $expectedGeneratedTags, $generatedTags, "Generated tags should match expected");
+
+ $config = ContentSanitiser::generateConfig();
+ $expected = [
+ 'Core.Encoding' => 'UTF-8',
+ 'HTML.AllowedElements' => $expectedGeneratedTags,
+ 'HTML.AllowedAttributes' => ['href'],
+ 'URI.AllowedSchemes' => ['http','https', 'mailto', 'callto'],
+ 'Attr.ID.HTML5' => true
+ ];
+ $this->assertEquals( $expected, $config, "Configuration is not as expected" );
+ }
+
 }
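Review bot: testEmptyConfig() pins `'URI.AllowedSchemes' => ['http','https', 'mailto', 'callto']`, while docs/en/001_index.md (a context line in patch 3 of this series) says links are limited to http or https schemes; one of the two should be corrected so the documented allow-list matches what the sanitiser enforces. The test also covers only the empty-string case, so an unset (null) or whitespace-only `default_allowed_html_tags` would be worth asserting as well, since those are other ways the allow-list can end up empty. A docblock line such as `An empty default_allowed_html_tags value must fall back to the p tag only` would state the intended fallback more precisely than the current one.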