
Commit 444e732

committed
MC-3578: Script tag removal
1 parent c93829c commit 444e732


2 files changed

+61
-0
lines changed

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
declare(strict_types=1);
7+
8+
namespace Magento\PageBuilder\Model\Stage\Renderer;
9+
10+
class CmsStaticBlockTest extends \PHPUnit\Framework\TestCase
11+
{
12+
/**
13+
* @magentoDataFixture Magento/PageBuilder/_files/block_with_script.php
14+
* @magentoDataFixture Magento/Variable/_files/variable.php
15+
*/
16+
public function testRender()
17+
{
18+
/** @var \Magento\Cms\Model\Block $cmsBlock */
19+
$cmsBlock = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(
20+
\Magento\Cms\Model\Block::class
21+
);
22+
$cmsBlock->load('block_with_script', 'identifier');
23+
24+
$blockRenderer = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(
25+
\Magento\PageBuilder\Model\Stage\Renderer\CmsStaticBlock::class
26+
);
27+
$result = $blockRenderer->render(['block_id' => $cmsBlock->getId()]);
28+
$this->assertArrayHasKey('content', $result);
29+
$this->assertNotContains('<script>', $result['content']);
30+
$this->assertContains('<p>Config value: "http://example.com/".</p>', $result['content']);
31+
$this->assertContains('<p>Custom variable: "HTML Value".</p>', $result['content']);
32+
}
33+
}
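Review bot: The negative check `$this->assertNotContains('<script>', $result['content']);` in `testRender()` matches only the exact lowercase, attribute-less opening tag, so a regression that lets `<script type="text/javascript">` or `<SCRIPT>` through would still pass. A pattern assertion such as `$this->assertNotRegExp('/<\s*script\b/i', $result['content']);` pins the intent more closely. The `block_with_script.php` fixture holds a single plain `<script>` element, so it would need at least one variant with attributes or different casing for the stricter check to exercise anything. Whether the renderer is also expected to neutralise other script-bearing markup, such as inline event-handler attributes, is not visible from this commit; if it is, that deserves its own fixture line and assertion.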
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
7+
/** @var $block \Magento\Cms\Model\Block */
8+
$block = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(\Magento\Cms\Model\Block::class);
9+
$block->setTitle(
10+
'CMS Block Title'
11+
)->setIdentifier(
12+
'block_with_script'
13+
)->setContent(
14+
'<h1>Fixture Block Title</h1>
15+
<a href="{{store url=""}}">store url</a>
16+
<p>Config value: "{{config path="web/unsecure/base_url"}}".</p>
17+
<p>Custom variable: "{{customvar code="variable_code"}}".</p>
18+
<script>alert("hello")</script>
19+
'
20+
)->setIsActive(
21+
1
22+
)->setStores(
23+
[
24+
\Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(
25+
\Magento\Store\Model\StoreManagerInterface::class
26+
)->getStore()->getId()
27+
]
28+
)->save();
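Review bot: This fixture persists a CMS block with identifier `block_with_script` through `->save()`, but the commit changes only two files, so no rollback counterpart is added alongside it. Unless the test always runs under database isolation (not declared in the test's annotations, so presumably relying on the framework default), the block, including its `<script>` content, stays in the test database and can leak into later tests that list or render CMS blocks. Consider adding a rollback script next to this file that loads the block by the same identifier and deletes it. A one-line comment above `setContent(` saying that the `<script>` element is deliberate test input for the stripping logic would also help future readers.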
