Changeset 57754 for trunk/tests/phpunit/tests/block-bindings/render.php
- Timestamp:
- 03/02/2024 02:11:53 PM (11 months ago)
- File:
-
- 1 edited
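--- a/trunk/tests/phpunit/tests/block-bindings/render.php
+++ b/trunk/tests/phpunit/tests/block-bindings/render.php
@@ -199,3 +199,39 @@
 		);
 	}
+
+	/**
+	 * Tests if the block content is sanitized when unsafe HTML is passed.
+	 *
+	 * @ticket 60651
+	 *
+	 * @covers ::register_block_bindings_source
+	 */
+	public function test_source_value_with_unsafe_html_is_sanitized() {
+		$get_value_callback = function () {
+			return '<script>alert("Unsafe HTML")</script>';
+		};
+
+		register_block_bindings_source(
+			self::SOURCE_NAME,
+			array(
+				'label' => self::SOURCE_LABEL,
+				'get_value_callback' => $get_value_callback,
+			)
+		);
+
+		$block_content = <<<HTML
+<!-- wp:paragraph {"metadata":{"bindings":{"content":{"source":"test/source"}}}} -->
+<p>This should not appear</p>
+<!-- /wp:paragraph -->
+HTML;
+		$parsed_blocks = parse_blocks( $block_content );
+		$block = new WP_Block( $parsed_blocks[0] );
+		$result = $block->render();
+
+		$this->assertSame(
+			'<p>alert("Unsafe HTML")</p>',
+			trim( $result ),
+			'The block content should be updated with the value returned by the source.'
+		);
+	}
 }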
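Review bot: The failure message on the `assertSame` at the end of `test_source_value_with_unsafe_html_is_sanitized` reads as if carried over from a value-replacement test and does not say what this test guards; something like `'The block content should be sanitized and must not contain the script tag.'` would make a regression in the sanitization step recognisable from the test output. The test also pins only one case, a `<script>` element returned for the paragraph `content` binding. A second case for a value bound to a block attribute, and one for an otherwise allowed tag carrying an event-handler attribute, would cover the paths most likely to be filtered differently. The `@covers ::register_block_bindings_source` tag also looks inaccurate, since the sanitization is presumably applied during `$block->render()` rather than at registration.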