Merge pull request #62 from humhub/fix/62-tests

Fix tests: avoid escaping inside attributes `a[href]` and `img[src]`
humhub · Apr 2, 2024 · c6c9c72 · c6c9c72
2 parents b8e50f4 + c424f46
commit c6c9c72
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/models/parser/TranslationPurifier.php b/models/parser/TranslationPurifier.php
@@ -17,8 +17,13 @@ public static function configure($config)
 
         // Allow specific tags and attributes
         $config->set('HTML.Allowed', 'p,b,i,u,s,a[href|target],img[src|alt],ul,ol,li,blockquote,code,pre,span,hr,br,strong');
-        
+
         // Allow non-ASCII characters
         $config->set('Core.EscapeNonASCIICharacters', false);
+
+        // To avoid escaping inside the attributes
+        $def = $config->getHTMLDefinition(true);
+        $def->addAttribute('a', 'href', new ParameterURIDef());
+        $def->addAttribute('img', 'src', new ParameterURIDef());
     }
 }