Update

tests/Feature/BlockInsertValidationRedirectTest.php

@@ -0,0 +1,40 @@
+<?php
+
+use Illuminate\Http\Request;
+use Klevze\ControlPanel\Http\Middleware\InputValidationMiddleware;
+use Klevze\ControlPanel\Services\Validation\InputValidationService;
+use function Pest\Laravel\mock;
+
+it('allows block insert html to bypass generic input validation', function () {
+    mock(InputValidationService::class, function ($mock) {
+        $mock->shouldNotReceive('validateSecurity');
+    });
+
+    $middleware = app(InputValidationMiddleware::class);
+
+    $request = Request::create('/cp/content/blocks/insert', 'POST', [
+        'keycode' => 'hero-block',
+        'notes' => 'Intro section',
+        'block_group' => 'home',
+        'active' => '1',
+        'prevod' => [
+            'en' => [
+                'name' => 'English',
+                'content' => '<script>alert(1)</script>',
+            ],
+        ],
+        'store_id' => 1,
+        'token_count' => 12,
+    ]);
+
+    $request->setRouteResolver(fn () => new class {
+        public function getName(): string
+        {
+            return 'admin.plugin.block.insert';
+        }
+    });
+
+    $response = $middleware->handle($request, fn () => response('ok'));
+
+    expect($response->getContent())->toBe('ok');
+});