[AdminBundle] Fix escaping of img src attributes in WYSIWYG fields #…

…1858
Kunstmaan · Mar 5, 2018 · a6e7c2d · a6e7c2d
1 parent 6bf820b
commit a6e7c2d
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 2 deletions.
diff --git a/src/Kunstmaan/AdminBundle/Form/MediaTokenTransformer.php b/src/Kunstmaan/AdminBundle/Form/MediaTokenTransformer.php
@@ -63,10 +63,21 @@ function (Crawler $node) {
                 if (isset($query['token'])) {
                     $image->setAttribute('src', $query['token']);
                 }
-                $image->setAttribute('data-src', urldecode($src));
+                $image->setAttribute('data-src', $src);
             }
         );
 
-        return $crawler->filter('body')->html();
+        $html = $crawler->filter('body')->html();
+
+        // URL-decode square brackets in img and a tags
+        $html = preg_replace_callback(
+            '/<(img|a)\s+[^>]*>/',
+            function($matches) {
+                return str_replace(['%5B', '%5D'], ['[', ']'], $matches[0]);
+            },
+            $html
+        );
+
+        return $html;
     }
 }
diff --git a/src/Kunstmaan/AdminBundle/Tests/Form/MediaTokenTransformerTest.php b/src/Kunstmaan/AdminBundle/Tests/Form/MediaTokenTransformerTest.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Kunstmaan\AdminBundle\Tests\Form;
+
+use Kunstmaan\AdminBundle\Form\MediaTokenTransformer;
+
+/**
+ * Class MediaTokenTransformerTest
+ *
+ * @package Kunstmaan\AdminBundle\Tests\Form
+ */
+class MediaTokenTransformerTest extends \PHPUnit_Framework_TestCase
+{
+
+    public function testTransformCopiesDataSrcToSrc()
+    {
+        $transformer = new MediaTokenTransformer();
+
+        $content = '<img src="[M1]" data-src="image.jpg?token=[M1]">';
+
+        $expected = '<img src="image.jpg?token=%5BM1%5D">';
+
+        $this->assertContains($expected, $transformer->transform($content));
+    }
+
+    public function testReverseTransformSetsSrcAndDataSrc()
+    {
+        $transformer = new MediaTokenTransformer();
+
+        $content = '<img src="image.jpg?token=%5BM1%5D">';
+
+        $expected = '<img src="[M1]" data-src="image.jpg?token=[M1]">';
+
+        $this->assertEquals($expected, $transformer->reverseTransform($content));
+    }
+
+    public function testReverseTransformPreservesAnchorHrefs()
+    {
+        $transformer = new MediaTokenTransformer();
+
+        $content = '<a href="%5BNT1%5D"></a>';
+
+        $expected = '<a href="[NT1]"></a>';
+
+        $this->assertEquals($expected, $transformer->reverseTransform($content));
+    }
+
+}