summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Pott2014-08-04 19:01:11 (GMT)
committerAlex Pott2014-08-04 19:01:11 (GMT)
commit1d8f75b38db216a37298f407a9933778efb4ee6e (patch)
tree219cb28f1a61705c24e58ce971bcc37e492cd046
parentdd0c49dc3cf78b0f0f541021e9d16f2b9034f4fe (diff)
Issue #2315255 by Dave Reid: Fixed Xss::split() fails on custom HTML elements with dashes in the name.
-rw-r--r--core/lib/Drupal/Component/Utility/Xss.php2
-rw-r--r--core/tests/Drupal/Tests/Component/Utility/XssTest.php21
2 files changed, 20 insertions, 3 deletions
diff --git a/core/lib/Drupal/Component/Utility/Xss.php b/core/lib/Drupal/Component/Utility/Xss.php
index ddce179..7a77182 100644
--- a/core/lib/Drupal/Component/Utility/Xss.php
+++ b/core/lib/Drupal/Component/Utility/Xss.php
@@ -152,7 +152,7 @@ class Xss {
return '<';
}
- if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
+ if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed.
return '';
}
diff --git a/core/tests/Drupal/Tests/Component/Utility/XssTest.php b/core/tests/Drupal/Tests/Component/Utility/XssTest.php
index a682fb1..7f45b17 100644
--- a/core/tests/Drupal/Tests/Component/Utility/XssTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/XssTest.php
@@ -59,11 +59,19 @@ class XssTest extends UnitTestCase {
* The expected result.
* @param string $message
* The assertion message to display upon failure.
+ * @param array $allowed_tags
+ * (optional) The allowed HTML tags to be passed to \Drupal\Component\Utility\Xss::filter().
*
* @dataProvider providerTestFilterXssNormalized
*/
- public function testFilterXssNormalized($value, $expected, $message) {
- $this->assertNormalized(Xss::filter($value), $expected, $message);
+ public function testFilterXssNormalized($value, $expected, $message, array $allowed_tags = NULL) {
+ if ($allowed_tags === NULL) {
+ $value = Xss::filter($value);
+ }
+ else {
+ $value = Xss::filter($value, $allowed_tags);
+ }
+ $this->assertNormalized($value, $expected, $message);
}
/**
@@ -76,6 +84,8 @@ class XssTest extends UnitTestCase {
* - The value to filter.
* - The value to expect after filtering.
* - The assertion message.
+ * - (optional) The allowed HTML HTML tags array that should be passed to
+ * \Drupal\Component\Utility\Xss::filter().
*/
public function providerTestFilterXssNormalized() {
return array(
@@ -94,6 +104,13 @@ class XssTest extends UnitTestCase {
"who&amp;#039; online",
'HTML filter -- double encoded html entity number',
),
+ // Custom elements with dashes in the tag name.
+ array(
+ "<test-element></test-element>",
+ "<test-element></test-element>",
+ 'Custom element with dashes in tag name.',
+ array('test-element'),
+ ),
);
}