From 9574ae827d722c484815488d6becee59c98f7b62 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Wed, 17 May 2023 16:52:39 +0600
Subject: [PATCH] pkp/pkp-lib#7916 allow NULL as sanitizable param in PKPString::stripUnsafeHtml method
---
 classes/core/PKPString.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/classes/core/PKPString.php b/classes/core/PKPString.php
index f2b2e8b1129..04c07fe3efb 100644
--- a/classes/core/PKPString.php
+++ b/classes/core/PKPString.php
@@ -402,13 +402,17 @@ public static function getAmbiguousExtensionsMap()
 * Strip unsafe HTML from the input text. Covers XSS attacks like scripts,
 * onclick(...) attributes, javascript: urls, and special characters.
 *
- * @param string $input input string
- * @param string $key The config section key['allowed_html', 'allowed_title_html']
+ * @param string|null $input input string
+ * @param string $key The config section key['allowed_html', 'allowed_title_html']
 *
 * @return string
 */
- public static function stripUnsafeHtml(string $input, string $key = 'allowed_html'): string
+ public static function stripUnsafeHtml(?string $input, string $key = 'allowed_html'): string
 {
+ if (!$input) {
+ return '';
+ }
+
 static $sanitizer;
 static $configKey;
 static $allowedTagToAttributeMap;
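Review bot: The added guard `if (!$input)` at the top of `stripUnsafeHtml` is a truthiness test, so the string `'0'` is also turned into `''` and a legitimate value is silently dropped before it reaches the sanitizer. Compare explicitly instead: `if ($input === null || $input === '') {`. The docblock could also state the new contract, for example `@param string|null $input input string; null or an empty string yields ''`. The rest of the method body lies outside the hunk, so how the sanitizer itself handles other inputs is not visible here.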