Allow heading tags (h1-h6) in ContentSanitizer so news editor headings render

2026-06-04 07:52:57 +02:00
parent 0b33a1b074
commit 15870ddb1f
191 changed files with 15453 additions and 1786 deletions
--- a/tests/Feature/Api/ArtworkDraftApiTest.php
+++ b/tests/Feature/Api/ArtworkDraftApiTest.php
@@ -14,7 +14,7 @@ it('creates upload drafts as private artworks', function (): void {

    $response = postJson('/api/artworks', [
        'title' => 'Upload draft test',
-        'description' => '<p>Draft body</p>',
+        'description' => 'Draft body',
        'is_mature' => false,
    ]);

@@ -28,4 +28,17 @@ it('creates upload drafts as private artworks', function (): void {
        ->and($artwork->is_public)->toBeFalse()
        ->and($artwork->artwork_status)->toBe('draft')
        ->and($artwork->published_at)->toBeNull();
+});
+
+it('rejects upload drafts with raw html in the description', function (): void {
+    $user = User::factory()->create();
+
+    actingAs($user);
+
+    postJson('/api/artworks', [
+        'title' => 'Upload draft test',
+        'description' => '<img src="https://spam.example/test.jpg" alt="">',
+        'is_mature' => false,
+    ])->assertStatus(422)
+        ->assertJsonValidationErrors(['description']);
 });