Update

tests/Feature/BlockLayoutValidationTest.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Http\Request;
+use Klevze\ControlPanel\Http\Middleware\InputValidationMiddleware;
+use Klevze\ControlPanel\Services\Validation\InputValidationService;
+use function Pest\Laravel\mock;
+
+it('skips generic input validation for block layout saves', function () {
+    mock(InputValidationService::class, function ($mock) {
+        $mock->shouldNotReceive('validateSecurity');
+    });
+
+    $middleware = app(InputValidationMiddleware::class);
+
+    $request = Request::create('/cp/content/blocks/layout', 'POST', [
+        'header' => '<script src="https://example.com/app.js"></script>',
+        'footer' => '<script>alert(1)</script>',
+        'layout' => 'main',
+    ]);
+
+    $request->setRouteResolver(fn () => new class {
+        public function getName(): string
+        {
+            return 'admin.plugin.block.layout.update';
+        }
+    });
+
+    $response = $middleware->handle($request, fn () => response('ok'));
+
+    expect($response->getContent())->toBe('ok');
+});