Fix HtmlSanitizer default configuration behavior for allowed schemes

tgalopin · nicolas-grekas · commit f978fcf5f2d6 · 2022-12-14T11:28:02.000+01:00
diff --git a/Tests/TextSanitizer/UrlSanitizerTest.php b/Tests/TextSanitizer/UrlSanitizerTest.php
@@ -45,6 +45,33 @@ public function provideSanitize()
             'output' => null,
         ];
 
+        yield [
+            'input' => 'http://trusted.com/link.php',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'http://trusted.com/link.php',
+        ];
+
+        yield [
+            'input' => 'https://trusted.com/link.php',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'https://trusted.com/link.php',
+        ];
+
+        yield [
+            'input' => 'data:text/plain;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
+            'allowedSchemes' => null,
+            'allowedHosts' => null,
+            'forceHttps' => false,
+            'allowRelative' => false,
+            'output' => 'data:text/plain;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
+        ];
+
         yield [
             'input' => 'https://trusted.com/link.php',
             'allowedSchemes' => ['https'],
