Fix HtmlSanitizer default configuration behavior for allowed schemes

symfony · Dec 14, 2022 · f978fcf · f978fcf
1 parent 28d1912
commit f978fcf
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/Tests/TextSanitizer/UrlSanitizerTest.php b/Tests/TextSanitizer/UrlSanitizerTest.php
@@ -45,6 +45,33 @@ public function provideSanitize()
             'output' => null,
         ];
 
+        yield [
+            'input' => 'http://trusted.com/link.php',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'http://trusted.com/link.php',
+        ];
+
+        yield [
+            'input' => 'https://trusted.com/link.php',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'https://trusted.com/link.php',
+        ];
+
+        yield [
+            'input' => 'data:text/plain;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'data:text/plain;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
+        ];
+
         yield [
             'input' => 'https://trusted.com/link.php',
             'allowedSchemes' => ['https'],