pkp#7916 Applied html_entity_decode to return sanitized value

touhidurabir · touhidurabir · commit a91dde91f122 · 2023-06-16T20:57:46.000+06:00
diff --git a/classes/core/PKPString.php b/classes/core/PKPString.php
@@ -458,10 +458,10 @@ public static function stripUnsafeHtml(?string $input, string $key = 'allowed_ht
             $sanitizer = new HtmlSanitizer($config);
         }
 
-        return $sanitizer->sanitize(
-            strip_tags(
-                $input, 
-                $allowedTagToAttributeMap->keys()->toArray()
+        // need to apply html_entity_decode as sanitizer apply htmlentities internally for special chars
+        return html_entity_decode(
+            $sanitizer->sanitize(
+                strip_tags($input, $allowedTagToAttributeMap->keys()->toArray())
             )
         );
     }

Original file line number	Diff line number	Diff line change
`@@ -458,10 +458,10 @@ public static function stripUnsafeHtml(?string $input, string $key = 'allowed_ht`
`458`	`458`	`$sanitizer = new HtmlSanitizer($config);`
`459`	`459`	`}`
`460`	`460`
`461`		`- return $sanitizer->sanitize(`
`462`		`- strip_tags(`
`463`		`- $input,`
`464`		`- $allowedTagToAttributeMap->keys()->toArray()`
	`461`	`+ // need to apply html_entity_decode as sanitizer apply htmlentities internally for special chars`
	`462`	`+ return html_entity_decode(`
	`463`	`+ $sanitizer->sanitize(`
	`464`	`+ strip_tags($input, $allowedTagToAttributeMap->keys()->toArray())`
`465`	`465`	`)`
`466`	`466`	`);`
`467`	`467`	`}`