From dbbd3e59f914db1477957f7f924aba920cf9bf56 Mon Sep 17 00:00:00 2001
From: Kieran
Date: Tue, 6 Sep 2022 18:04:45 +0100
Subject: [PATCH] Add contenteditable attribute definition (#332)
* Add contenteditable attribute definition
* gate behind html.trusted
* use enum
---
 .../AttrDef/HTML/ContentEditable.php | 16 +++++++++++
 library/HTMLPurifier/AttrTypes.php | 1 +
 .../AttrDef/HTML/ContentEditableTest.php | 27 +++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
 create mode 100644 tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php
diff --git a/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php b/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
new file mode 100644
index 00000000..5b03d3e3
--- /dev/null
+++ b/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
@@ -0,0 +1,16 @@
+get('HTML.Trusted')) {
+ $allowed = array('', 'true', 'false');
+ }
+
+ $enum = new HTMLPurifier_AttrDef_Enum($allowed);
+
+ return $enum->validate($string, $config, $context);
+ }
+}
diff --git a/library/HTMLPurifier/AttrTypes.php b/library/HTMLPurifier/AttrTypes.php
index 3b70520b..e4429e86 100644
--- a/library/HTMLPurifier/AttrTypes.php
+++ b/library/HTMLPurifier/AttrTypes.php
@@ -41,6 +41,7 @@ class HTMLPurifier_AttrTypes
 $this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
 $this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
 $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
+ $this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable();
 // unimplemented aliases
 $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
diff --git a/tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php b/tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php
new file mode 100644
index 00000000..3aa6ec1e
--- /dev/null
+++ b/tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php
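Review bot: The `HTML.Trusted` branch in `ContentEditable.php` that widens `$allowed` to `''`, `'true'` and `'false'` has no comment stating the policy it enforces, and that policy is the security decision of this class. A one-line comment above the `if` would keep a later maintainer from widening the default list, for example `// Untrusted markup may only switch editing off; '' and 'true' make the element editable and require HTML.Trusted.` The method also builds a new `HTMLPurifier_AttrDef_Enum` on every `validate()` call, which could be held once per trust state instead. The opening of the class and of `validate()` is not visible in this hunk as shown, so the untrusted default of `$allowed` is inferred from the tests.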
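Review bot: The added `$this->info['ContentEditable']` line in `AttrTypes.php` only makes the type name resolvable; none of the three files in this commit attaches a `contenteditable` attribute to any element. If that is intentional, a comment beside the registration would save integrators from assuming the attribute is already accepted, for example `// type only: not attached to any element by default, add it via a custom HTML definition`. Whether another module already wires it up cannot be told from this diff.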
@@ -0,0 +1,27 @@
+def = new HTMLPurifier_AttrDef_HTML_ContentEditable();
+ }
+
+ public function test()
+ {
+ $this->assertDef('', false);
+ $this->assertDef('true', false);
+ $this->assertDef('caret', false);
+ $this->assertDef('false');
+ }
+
+ public function testTrustedHtml()
+ {
+ $this->config->set('HTML.Trusted', true);
+ $this->assertDef('');
+ $this->assertDef('true');
+ $this->assertDef('false');
+ $this->assertDef('caret', false);
+ }
+}
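Review bot: `test()` pins the untrusted allowlist only for exact lowercase input, so nothing would catch a case or whitespace variant of `true` being accepted if the enum's matching ever changed. Adding `$this->assertDef('TRUE', false);` and `$this->assertDef(' true ', false);` to `test()` would turn the gate into a regression test. `HTMLPurifier_AttrDef_Enum` trims its input and matches case-insensitively by default, so both values should be rejected today. The class header and the opening of `setUp()` are not visible in this hunk as shown.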