Merge pull request #190 from City-of-Helsinki/UHF-X-sanitize-markup

UHF-10995: Simplify link filter
City-of-Helsinki · Nov 23, 2024 · 0a92ddf · 0a92ddf
2 parents d5d46f3 + 9cf87e5
commit 0a92ddf
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 21 deletions.
diff --git a/src/Plugin/Filter/LinkConverter.php b/src/Plugin/Filter/LinkConverter.php
@@ -6,31 +6,33 @@
 
 use Drupal\Component\Render\MarkupInterface;
 use Drupal\Component\Utility\Html;
+use Drupal\Component\Utility\Xss;
 use Drupal\Core\Language\LanguageManagerInterface;
-use Drupal\Core\Link;
 use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
 use Drupal\Core\Render\BubbleableMetadata;
 use Drupal\Core\Render\Markup;
 use Drupal\Core\Render\RenderContext;
 use Drupal\Core\Render\RendererInterface;
+use Drupal\Core\StringTranslation\TranslatableMarkup;
+use Drupal\filter\Attribute\Filter;
 use Drupal\filter\FilterProcessResult;
 use Drupal\filter\Plugin\FilterBase;
+use Drupal\filter\Plugin\FilterInterface;
 use Drupal\helfi_api_base\Link\UrlHelper;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * Provides a 'Link converter' filter.
- *
- * @Filter(
- *   id = "helfi_link_converter",
- *   title = @Translation("Hel.fi: Link converter"),
- *   description = @Translation("Runs embedded links through a template. NOTE: This filter must be run after 'Convert URLs into links' filter."),
- *   type = Drupal\filter\Plugin\FilterInterface::TYPE_TRANSFORM_REVERSIBLE,
- *   settings = {},
- *   weight = -10
- * )
  */
+#[Filter(
+  id: 'helfi_link_converter',
+  title: new TranslatableMarkup('Hel.fi: Link converter'),
+  type: FilterInterface::TYPE_TRANSFORM_REVERSIBLE,
+  description: new TranslatableMarkup("Runs embedded links through a template. NOTE: This filter must be run after 'Convert URLs into links' filter."),
+  weight: -10,
+  settings: [],
+)]
 final class LinkConverter extends FilterBase implements ContainerFactoryPluginInterface {
 
   /**
@@ -89,18 +91,22 @@ public function process($text, $langcode) : FilterProcessResult {
       }
 
       try {
-        $build = Link::fromTextAndUrl($this->getLinkText($node), UrlHelper::parse($value))
-          ->toRenderable();
+        $url = UrlHelper::parse($value);
       }
       catch (\InvalidArgumentException) {
         $this->logger->notice(
           sprintf('Failed to parse link: %s', $node->nodeValue)
         );
         continue;
       }
-      $build['#attributes'] = $this->getNodeAttributes($node);
-
+      $build = [
+        '#type' => 'link',
+        '#url' => $url,
+        '#title' => $this->getLinkText($node),
+        '#attributes' => $this->getNodeAttributes($node),
+      ];
       unset($build['#attributes']['href']);
+
       $this->render($build, $node, $result);
     }
 
@@ -155,8 +161,6 @@ private function render(array $build, \DOMNode $node, FilterProcessResult &$resu
    * @param \DOMElement $node
    *   The node.
    *
-   * @todo Review this.
-   *
    * @return \Drupal\Component\Render\MarkupInterface|string
    *   The rendered markup or string.
    */
@@ -170,7 +174,9 @@ private function getLinkText(\DOMElement $node) : MarkupInterface|string {
       /** @var \DOMNode $childNode */
       $text .= $childNode->C14N();
     }
-    return Markup::create($text);
+    // Make sure we support HTML inside html tags, such as
+    // <span lang="en" dir="ltr">.
+    return Markup::create(Xss::filterAdmin($text));
   }
 
   /**

diff --git a/tests/src/Functional/LinkConverterFilterTest.php b/tests/src/Functional/LinkConverterFilterTest.php
@@ -152,7 +152,8 @@ public function testFilter() : void {
     }
     $element = $this->getSession()->getPage()->find('css', '.nested-dom-link');
     $children = $element->find('css', '.nested');
-    // Make sure nested tags get run through filter.
+    // Make sure HTML inside links is kept, but sanitized.
+    $this->assertNotNull($children);
     $this->assertFalse($children->hasAttribute('onload'));
   }
 

diff --git a/tests/src/Kernel/Plugin/Filter/LinkConverterTest.php b/tests/src/Kernel/Plugin/Filter/LinkConverterTest.php
@@ -13,7 +13,7 @@
 use Drupal\filter\FilterProcessResult;
 
 /**
- * Tests custom language negotiator functionality.
+ * Tests Link converter filter.
  *
  * @coversDefaultClass \Drupal\helfi_api_base\Plugin\Filter\LinkConverter
  * @group helfi_api_base
@@ -49,7 +49,6 @@ protected function setUp(): void {
    * @covers ::create
    * @covers ::process
    * @covers ::render
-   * @covers ::getLinkText
    * @covers ::getNodeAttributes
    */
   public function testInvalidLink() : void {
@@ -61,7 +60,6 @@ public function testInvalidLink() : void {
    * @covers ::create
    * @covers ::process
    * @covers ::render
-   * @covers ::getLinkText
    * @covers ::getNodeAttributes
    * @dataProvider linkProcessingData
    */