Fix tests: avoid escaping inside attributes a[href] and img[src]

humhub · Apr 2, 2024 · c424f46 · c424f46
1 parent b8e50f4
commit c424f46
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/models/parser/TranslationPurifier.php b/models/parser/TranslationPurifier.php
@@ -17,8 +17,13 @@ public static function configure($config)
 
         // Allow specific tags and attributes
         $config->set('HTML.Allowed', 'p,b,i,u,s,a[href|target],img[src|alt],ul,ol,li,blockquote,code,pre,span,hr,br,strong');
-        
+
         // Allow non-ASCII characters
         $config->set('Core.EscapeNonASCIICharacters', false);
+
+        // To avoid escaping inside the attributes
+        $def = $config->getHTMLDefinition(true);
+        $def->addAttribute('a', 'href', new ParameterURIDef());
+        $def->addAttribute('img', 'src', new ParameterURIDef());
     }
 }