#7916 allow NULL as sanitizable param in PKPString::stripUnsafeHtml m…

…ethod
pkp · Jun 19, 2023 · 9574ae8 · 9574ae8
1 parent a85bb73
commit 9574ae8
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/classes/core/PKPString.php b/classes/core/PKPString.php
@@ -402,13 +402,17 @@ public static function getAmbiguousExtensionsMap()
      * Strip unsafe HTML from the input text. Covers XSS attacks like scripts,
      * onclick(...) attributes, javascript: urls, and special characters.
      *
-     * @param string $input input string
-     * @param string $key   The config section key['allowed_html', 'allowed_title_html']
+     * @param string|null   $input input string
+     * @param string        $key   The config section key['allowed_html', 'allowed_title_html']
      *
      * @return string
      */
-    public static function stripUnsafeHtml(string $input, string $key = 'allowed_html'): string
+    public static function stripUnsafeHtml(?string $input, string $key = 'allowed_html'): string
     {
+        if (!$input) {
+            return '';
+        }
+
         static $sanitizer;
         static $configKey;
         static $allowedTagToAttributeMap;