Allow heading tags (h1-h6) in ContentSanitizer so news editor headings render

2026-06-04 07:52:57 +02:00
parent 0b33a1b074
commit 15870ddb1f
191 changed files with 15453 additions and 1786 deletions
--- a/tests/Feature/Dashboard/DashboardArtworkDescriptionValidationTest.php
+++ b/tests/Feature/Dashboard/DashboardArtworkDescriptionValidationTest.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Models\Artwork;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+it('rejects raw html when updating artwork descriptions from the dashboard editor', function (): void {
+    $user = User::factory()->create();
+    $artwork = Artwork::factory()->for($user)->create([
+        'title' => 'Dashboard Artwork',
+        'slug' => 'dashboard-artwork',
+        'description' => 'Original description',
+    ]);
+
+    $this->from(route('dashboard.artworks.edit', ['id' => $artwork->id]))
+        ->actingAs($user)
+        ->put(route('dashboard.artworks.update', ['id' => $artwork->id]), [
+            'title' => 'Dashboard Artwork',
+            'description' => '<img src="https://spam.example/test.jpg" alt="">',
+        ])
+        ->assertRedirect(route('dashboard.artworks.edit', ['id' => $artwork->id]))
+        ->assertSessionHasErrors(['description']);
+
+    expect($artwork->fresh()->description)->toBe('Original description');
+});