Merge pull request #3 from nswdpc/ss410

SS 4.10.0 updates

.gitattributes

@@ -1,11 +1,12 @@
-/tests  export-ignore
-/docs export-ignore
-/client/src export-ignore
-/.gitattributes export-ignore
-/.gitignore export-ignore
-/.php_cs.dist
-/phpcs.xml.dist
-/phpstan.neon.dist
-/phpunit.xml.dist
-/.waratah export-ignore
-/README.md export-ignore
+/tests                      export-ignore
+/docs                       export-ignore
+/client/src                 export-ignore
+/.editorconfig              export-ignore
+/.gitattributes             export-ignore
+/.gitignore                 export-ignore
+/.php-cs-fixer.dist.php     export-ignore
+/phpunit.xml.dist           export-ignore
+/.waratah                   export-ignore
+/code-of-conduct.md         export-ignore
+/CONTRIBUTING.md            export-ignore
+/README.md                  export-ignore

.gitignore

@@ -1,8 +1,4 @@
 /client/node_modules
 /vendor/
-/resources/
-/assets/
 .DS_Store
-/.php_cs.cache
-/composer.lock
-/silverstripe-cache/
+/.php_cs.fixer.cache

.php_cs.dist → .php-cs-fixer.dist.php

@@ -7,8 +7,8 @@
 $finder = PhpCsFixer\Finder::create()
             ->in(__DIR__);
 
-return PhpCsFixer\Config::create()
-        ->setRules([
+$config = new PhpCsFixer\Config();
+return $config->setRules([
             '@PSR2' => true,
             'array_indentation' => true,
             'array_syntax' => ['syntax' => 'short'],

README.md

@@ -22,7 +22,7 @@ Please use dedicated upload fields for handling file uploads.
 
 Per [composer.json](/composer.json):
 
-+ silverstripe/framework ^4
++ silverstripe/framework ^4.10.0
 + jQuery 3.6.0
 
 The field pulls in required Trumbowyg JS and CSS assets from [cdnjs.com](https://cdnjs.com) along with their respective Sub Resource Integrity (SRI) hashes.

composer.json

@@ -32,15 +32,12 @@
         ]
     },
     "require": {
-        "silverstripe/framework" : "^4",
+        "silverstripe/framework" : "^4.10.0",
         "ezyang/htmlpurifier" : "^4.13"
     },
     "require-dev": {
-        "phpunit/phpunit": "^5.7",
-        "squizlabs/php_codesniffer": "^3.0",
-        "friendsofphp/php-cs-fixer": "^2.18",
-        "codeception/codeception" : "^2.5 | ^3 | ^4",
-        "silverstripe/sqlite3": "^2",
-        "symbiote/silverstripe-phpstan": "^4"
+        "phpunit/phpunit": "^9.5",
+        "friendsofphp/php-cs-fixer": "^3",
+        "silverstripe/sqlite3": "^2"
     }
 }

docs/en/001_index.md

@@ -8,15 +8,15 @@ The editor configuration defines a restricted set of tags for saving.
 
 All attributes are removed upon save, except for:
 
-+ the href attribute of the <a> tag
++ the href attribute of the `<a>` tag
 
 Additionally, "javascript:" is removed from the href attribute
 
 ## Tag restrictions
 
 By default the following tags are allowed in the editor (see _config/config.yml)
 
-```yaml
+```yml
 - p
 - i
 - blockquote
@@ -37,33 +37,13 @@ By default the following tags are allowed in the editor (see _config/config.yml)
 
 Only the `href` attribute is allowed (for links), with http or https schemes.
 
-If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to '<p>' tags only.
+If no configuration value `tagsToKeep` is available or it is empty, a default set is used. The fallback condition is to restrict to `<p>` tags only.
 
 The editor is provided a set of `tagsToRemove` for client-side editing (see _config/config.yml). This configuration is not used in saving the value, as value saving is determined by the `tagsToKeep` only.
 
 ## Options
 
-If no configuration is provided, the following configuration is set:
-
-```php
-$options = [
-    "semantic" => true, // Generates a better, more semantic oriented HTML
-    "removeformatPasted" => true, // remove pasted styles from Word and friends
-    "resetCss" => true, // ref: https://alex-d.github.io/Trumbowyg/documentation/#reset-css
-    "autogrow" => true, // allow the text edit zone to extend
-    "buttons" => [
-        [ "undo", "redo" ],
-        [ "p","h3", "h4", "h5", "strong", "em" ], // basic formatting
-        [ "link", "" ], // support adding <a> links
-        [ "unorderedList", "orderedList" ], // ul and ol
-        [ "removeformat" ], // clear all formatting to assist with removing cruft
-        [ "fullscreen" ] // go full screen edit
-    ],
-    "tagsToKeep" => [
-        "p" //  only keep <p> tags by default
-    ]
-];
-```
+If no configuration is provided, the default configuration defined in [TrumbowygEditorField::getFieldOptions()](../../src/Fields/TrumbowygEditorField.php) is used.
 
 ## Basic example
 

src/Models/ContentSanitiser.php

@@ -28,14 +28,7 @@ class ContentSanitiser {
      * @return string
      */
     public static function getAllowedHTMLTags() : string {
-        $allowedHTMLTags = "";
-        if(!empty($options['tagsToKeep']) && is_array($options['tagsToKeep'])) {
-            // mogrify into something for strip_tags
-            $allowedHTMLTags = "<" . implode("><", $options['tagsToKeep']) . ">";
-        }
-        if($allowedHTMLTags == "") {
-            $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
-        }
+        $allowedHTMLTags = Config::inst()->get(self::class, 'default_allowed_html_tags');
         if($allowedHTMLTags == "") {
             $allowedHTMLTags = "<p>";// disallow all
         }

tests/FieldTest.php

@@ -124,4 +124,29 @@ public function testGenerateConfig() {
         $this->assertEquals( $expected, $config, "Configuration is not as expected" );
     }
 
+    /**
+     * test that only <p> tags are returned
+     */
+    public function testEmptyConfig() {
+        $tags = "";
+        Config::inst()->update(
+            ContentSanitiser::class,
+            'default_allowed_html_tags',
+            $tags
+        );
+        $expectedGeneratedTags = ['p'];
+        $generatedTags = ContentSanitiser::getAllowedHTMLTagsAsArray();
+        $this->assertEquals( $expectedGeneratedTags, $generatedTags, "Generated tags should match expected");
+
+        $config = ContentSanitiser::generateConfig();
+        $expected = [
+            'Core.Encoding' => 'UTF-8',
+            'HTML.AllowedElements' => $expectedGeneratedTags,
+            'HTML.AllowedAttributes' => ['href'],
+            'URI.AllowedSchemes' => ['http','https', 'mailto', 'callto'],
+            'Attr.ID.HTML5' => true
+        ];
+        $this->assertEquals( $expected, $config, "Configuration is not as expected" );
+    }
+
 }