From 88c698796b2097301d494a9109631aa2bc96ec48 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sun, 5 Sep 2021 23:52:39 +0100
Subject: [PATCH] Fixed issue with HTML tags in custom head scripts

Fixes a strange issue of HTML tags within script tags being malformed
when part of the HTML custom head content due to the PHP parsing we do.
DOMDocument seemed to cause this upon load.
Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but
not really sure why. Doesn't seem to cause further issues though.
Tested with multiple scripts and styles and comments and meta tags.

- Also added new testing class to cover.
- As part of testing, added new folder within tests to house setting
  specific tests.

For #2914
---
 app/Util/HtmlNonceApplicator.php         |  5 ++--
 tests/Settings/CustomHeadContentTest.php | 30 ++++++++++++++++++++++++
 tests/{ => Settings}/FooterLinksTest.php |  2 +-
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 tests/Settings/CustomHeadContentTest.php
 rename tests/{ => Settings}/FooterLinksTest.php (98%)

diff --git a/app/Util/HtmlNonceApplicator.php b/app/Util/HtmlNonceApplicator.php
index e66625bf2..52f334394 100644
--- a/app/Util/HtmlNonceApplicator.php
+++ b/app/Util/HtmlNonceApplicator.php
@@ -24,7 +24,7 @@ class HtmlNonceApplicator
         $html = '<body>' . $html . '</body>';
         libxml_use_internal_errors(true);
         $doc = new DOMDocument();
-        $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
+        $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'), LIBXML_SCHEMA_CREATE);
         $xPath = new DOMXPath($doc);
 
         // Apply to scripts
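Review bot: `LIBXML_SCHEMA_CREATE` on the `loadHTML` call is documented as an XSD schema-validation option, so the fix depends on a side effect that nothing in the code explains. It probably takes effect only because its integer value overlaps one of libxml2's HTML parser options (likely the recover bit); that should be confirmed rather than assumed, since it may differ between libxml builds. Judging by the class name, this method rewrites admin-supplied head HTML and decides which script elements receive the CSP nonce, so a later cleanup that drops the flag would silently reintroduce the mangling. Add a comment above the line such as `// LIBXML_SCHEMA_CREATE is passed only for its effect on the HTML parser: without it, markup inside <script> content is mangled on load (see #2914).` The method body starts and ends outside this hunk.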
@@ -38,7 +38,8 @@ class HtmlNonceApplicator
         $returnHtml = '';
         $topElems = $doc->documentElement->childNodes->item(0)->childNodes;
         foreach ($topElems as $child) {
-            $returnHtml .= $doc->saveHTML($child);
+            $content =  $doc->saveHTML($child);
+            $returnHtml .= $content;
         }
 
         return $returnHtml;
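Review bot: The `$content` temporary in the `foreach` loop is assigned and immediately appended, with a doubled space after `=`, and reads like leftover debugging. Restore the single statement `$returnHtml .= $doc->saveHTML($child);`. If the variable is kept, give it a purpose, for example checking for a `false` return from `saveHTML` so that a failed serialisation is not silently appended as an empty string. The method starts outside this hunk.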
diff --git a/tests/Settings/CustomHeadContentTest.php b/tests/Settings/CustomHeadContentTest.php
new file mode 100644
index 000000000..0e44e3ed3
--- /dev/null
+++ b/tests/Settings/CustomHeadContentTest.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Tests\Settings;
+
+use Tests\TestCase;
+
+class CustomHeadContentTest extends TestCase
+{
+
+    public function test_configured_content_shows_on_pages()
+    {
+        $this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
+        $resp = $this->get('/login');
+        $resp->assertSee('console.log("cat")');
+    }
+
+    public function test_configured_content_does_not_show_on_settings_page()
+    {
+        $this->setSettings(['app-custom-head' => '<script>console.log("cat");</script>']);
+        $resp = $this->asAdmin()->get('/settings');
+        $resp->assertDontSee('console.log("cat")');
+    }
+
+    public function test_divs_in_js_preserved_in_configured_content()
+    {
+        $this->setSettings(['app-custom-head' => '<script><div id="hello">cat</div></script>']);
+        $resp = $this->get('/login');
+        $resp->assertSee('<div id="hello">cat</div>');
+    }
+}
\ No newline at end of file
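Review bot: None of the three tests checks that the emitted `<script>` tag still carries its `nonce` attribute, which, judging by the class name, is the reason HtmlNonceApplicator parses this content at all. A parser-flag change could leave the script body intact while changing how script elements are matched, and a script emitted without the nonce would either be blocked by the CSP or push someone to loosen it. Add to `test_divs_in_js_preserved_in_configured_content` something like `$this->assertStringContainsString('<script nonce="', $resp->getContent());`, assuming the nonce is applied in the test environment. The new file also lacks a trailing newline.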
diff --git a/tests/FooterLinksTest.php b/tests/Settings/FooterLinksTest.php
similarity index 98%
rename from tests/FooterLinksTest.php
rename to tests/Settings/FooterLinksTest.php
index cb2959411..f26f809d5 100644
--- a/tests/FooterLinksTest.php
+++ b/tests/Settings/FooterLinksTest.php
@@ -1,4 +1,4 @@
-<?php
+<?php namespace Tests\Settings;
 
 use Tests\TestCase;