diff --git a/src/Tags/Svg.php b/src/Tags/Svg.php
index 8ac9d502ce..2fd0215c07 100644
--- a/src/Tags/Svg.php
+++ b/src/Tags/Svg.php
@@ -48,7 +48,7 @@ public function index()
 $svg = $this->params->get('src');
 }
- $attributes = $this->renderAttributesFromParams(['src', 'title', 'desc']);
+ $attributes = $this->renderAttributesFromParams(['src', 'title', 'desc', 'sanitize']);
 if ($this->params->get('title') || $this->params->get('desc')) {
 $svg = $this->setTitleAndDesc($svg);
@@ -91,7 +91,7 @@ private function setTitleAndDesc($svg)
 private function sanitize($svg)
 {
- if ($this->params->bool('sanitize') === false) {
+ if ($this->params->bool('sanitize', true) === false) {
 return $svg;
 }
diff --git a/tests/Fieldtypes/IconTest.php b/tests/Fieldtypes/IconTest.php
index 9600b1c876..7500fdb0cb 100644
--- a/tests/Fieldtypes/IconTest.php
+++ b/tests/Fieldtypes/IconTest.php
@@ -21,7 +21,7 @@ public function it_finds_default_icons()
 /** @test */
 public function it_accepts_svg_strings()
 {
- $result = (string) Antlers::parse('{{ svg :src="test" class="w-4 h-4" }}', ['test' => new Value('add', $this->fieldtype())]);
+ $result = (string) Antlers::parse('{{ svg :src="test" class="w-4 h-4" sanitize="false" }}', ['test' => new Value('add', $this->fieldtype())]);
 $this->assertStringContainsString('assertStringStartsWith('assertStringStartsWith('assertEquals( '',
- $this->tag('{{ svg src="xss" sanitize="true" }}')
+ $this->tag('{{ svg src="xss" }}')
 );
 $this->assertEquals( '',
- $this->tag('{{ svg src="xss" sanitize="true" allow_tags="mesh|foreignObject" allow_attrs="onclick" }}')
+ $this->tag('{{ svg src="xss" allow_tags="mesh|foreignObject" allow_attrs="onclick" }}')
 );
 }
@@ -77,6 +77,6 @@ public function sanitizing_doesnt_remove_an_xml_tag()
 File::put(resource_path('xmltag.svg'), $svg);
- $this->assertEquals($svg, $this->tag('{{ svg src="xmltag" sanitize="true" }}'));
+ $this->assertEquals($svg, $this->tag('{{ svg src="xmltag" }}'));
 }
 }
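Review bot: The exclusion list passed to renderAttributesFromParams() in index() now names `sanitize`, but the sanitizer's other options that this commit's tests pass, `allow_tags` and `allow_attrs`, are still missing from it. If the helper renders every parameter that is not listed (its body is not visible here), a template using `allow_attrs="onclick"` would have those option values printed as attributes on the svg element. Assuming that is how it behaves, the list should read `['src', 'title', 'desc', 'sanitize', 'allow_tags', 'allow_attrs']`. index() begins and ends outside the hunk.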
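Review bot: sanitize() carries no comment stating that sanitization is now on unless the template passes `sanitize="false"`, or that the opt-out hands the markup back unchanged. Because `src` can be bound to a variable (the icon test uses `:src="test"`), that early return is the one place where unsanitized SVG can still reach the page, so it deserves a line such as `// Sanitized by default; sanitize="false" returns $svg untouched and is only safe for trusted markup.` The rest of sanitize() lies outside the hunk.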
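Review bot: it_accepts_svg_strings now passes `sanitize="false"` without saying why, so the default, sanitized path for an SVG string bound through `:src` is no longer exercised by this test. If the sanitizer alters the icon markup in a way the existing assertions cannot tolerate, a short comment above the parse call should say so. A second parse without the parameter, asserting that the result still starts with the svg element, would keep the secure default covered for fieldtype values. The assertions after the changed line are not fully visible, so the reason for the opt-out is inferred from the changed line alone.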