Merge remote-tracking branch 'origin/2.4.8-beta2-develop' into AC-12133-v2

glo71317 · glo71317 · commit 81ba50df6a53 · 2025-01-16T19:29:25.000+05:30
diff --git a/lib/internal/Magento/Framework/Test/Unit/Validator/HTML/ConfigurableWYSIWYGValidatorTest.php b/lib/internal/Magento/Framework/Test/Unit/Validator/HTML/ConfigurableWYSIWYGValidatorTest.php
@@ -1,9 +1,8 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2024 Adobe.
+ * All Rights Reserved.
  */
-
 declare(strict_types=1);
 
 namespace Magento\Framework\Test\Unit\Validator\HTML;
@@ -16,6 +15,49 @@
 
 class ConfigurableWYSIWYGValidatorTest extends TestCase
 {
+    /**
+     * @var ConfigurableWYSIWYGValidator
+     */
+    private ConfigurableWYSIWYGValidator $validator;
+
+    protected function setUp(): void
+    {
+        $allowedTags = ['p', 'a', 'div'];
+        $allowedAttributes = ['href', 'title'];
+        $attributesAllowedByTags = ['a' => ['href', 'title']];
+        $attributeValidators = [];
+        $tagValidators = [];
+
+        $this->validator = new ConfigurableWYSIWYGValidator(
+            $allowedTags,
+            $allowedAttributes,
+            $attributesAllowedByTags,
+            $attributeValidators,
+            $tagValidators
+        );
+    }
+
+    /**
+     * Test that the validator error message does not contain duplicated tags body and html.
+     *
+     * @return void
+     * @throws ValidationException
+     */
+    public function testValidateThrowsExceptionForDisallowedTags()
+    {
+        $this->expectException(ValidationException::class);
+        $this->expectExceptionMessageMatches('/^(Allowed HTML tags are: p, a, div, body, html)*$/');
+
+        $validHtml = '<html><body>test1</body></html>';
+        $this->validator->validate($validHtml);
+        $validHtml = '<html><body>test2</body></html>';
+        $this->validator->validate($validHtml);
+        $validHtml = '<html><body>test3</body></html>';
+        $this->validator->validate($validHtml);
+        $invalidHtml = '<html><body><script>alert("XSS")</script></body></html>';
+        $this->validator->validate($invalidHtml);
+    }
+
     /**
      * Configurations to test.
      *
diff --git a/lib/internal/Magento/Framework/Validator/HTML/ConfigurableWYSIWYGValidator.php b/lib/internal/Magento/Framework/Validator/HTML/ConfigurableWYSIWYGValidator.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
  */
 
 declare(strict_types=1);
@@ -110,7 +110,8 @@ public function validate(string $content): void
     private function validateConfigured(\DOMXPath $xpath): void
     {
         //Validating tags
-        $this->allowedTags = array_merge($this->allowedTags, ["body", "html"]);
+        $this->allowedTags['body'] = 'body';
+        $this->allowedTags['html'] = 'html';
         $found = $xpath->query(
             '//*['
             . implode(
