aritmija/tests/Feature/BlockLayoutValidationTest.php

<?php

use Illuminate\Http\Request;
use Klevze\ControlPanel\Http\Middleware\InputValidationMiddleware;
use Klevze\ControlPanel\Services\Validation\InputValidationService;
use function Pest\Laravel\mock;

it('skips generic input validation for block layout saves', function () {
    mock(InputValidationService::class, function ($mock) {
        $mock->shouldNotReceive('validateSecurity');
    });

    $middleware = app(InputValidationMiddleware::class);

    $request = Request::create('/cp/content/blocks/layout', 'POST', [
        'header' => '<script src="https://example.com/app.js"></script>',
        'footer' => '<script>alert(1)</script>',
        'layout' => 'main',
    ]);

    $request->setRouteResolver(fn () => new class {
        public function getName(): string
        {
            return 'admin.plugin.block.layout.update';
        }
    });

    $response = $middleware->handle($request, fn () => response('ok'));

    expect($response->getContent())->toBe('ok');
});