Fix tests + add docs

Author: aguingand

docs/guide/building-entity-list.md

@@ -53,6 +53,10 @@ Setting the label, allowing the column to be sortable and to display html is opt
 The optional `->setWidth()` method accepts either an integer (eg: `20` for 20%), a float (eg: `.2` for 20%) or a string (eg: `'20'` or `'20%'`); if missing, it will be deduced (you can use `->setWidthFill()` to force this last behavior).
 To hide the column on small screens, use `->hideOnSmallScreens()`.
 
+::: warning
+HTML sanitization is enabled by default for list fields (to prevent XSS attacks when displaying the list). You can disable it by using `->shouldSanitizeHtml(false)` field method.
+:::
+
 Sorting columns must be handled in the `getListData()` method, see below.
 
 #### Add a badge field

docs/guide/show-fields/text.md

@@ -20,12 +20,18 @@ Reset the collapse configuration.
 
 By default, the text is escaped. If you want to display HTML, set this to true.
 
+### `shouldSanitizeHtml(bool $sanitize = true)`
+
+HTML sanitization is enabled by default for text fields (to prevent XSS attacks when displaying the show). To disable it, call `->shouldSanitizeHtml(false)`.
+
+
 ### `allowEmbeds(array $embeds)`
 
 This method expects an array of embeds that could be inserted in the content, declared as full class names. An embed class must extend `Code16\Sharp\Form\Fields\Embeds\SharpFormEditorEmbed`.
 
 The [documentation on how to write an Embed class is available here](../form-editor-embeds.md).
 
+
 ## Transformer
 
 For markdown-formatted texts, be sure to use the built-in `MarkdownAttributeTransformer`:

tests/Unit/EntityList/SharpEntityListStateTest.php

@@ -145,6 +145,7 @@ public function buildList(EntityListFieldsContainer $fields): void
             'label' => '',
             'sortable' => false,
             'html' => true,
+            'sanitize' => true,
             'width' => null,
             'hideOnXS' => false,
         ],
@@ -162,6 +163,7 @@ public function buildList(EntityListFieldsContainer $fields): void
             'label' => '',
             'sortable' => false,
             'html' => true,
+            'sanitize' => true,
             'width' => null,
             'hideOnXS' => false,
         ],

tests/Unit/EntityList/SharpEntityListTest.php

@@ -32,6 +32,7 @@ public function buildList(EntityListFieldsContainer $fields): void
             'label' => 'Name',
             'sortable' => false,
             'html' => true,
+            'sanitize' => true,
             'width' => '50%',
             'hideOnXS' => false,
         ],
@@ -365,3 +366,20 @@ public function buildListConfig(): void
 
     expect($list->listConfig()['createButtonLabel'])->toEqual('New post...');
 });
+
+it('allows to disable HTML sanitization', function () {
+    $list = new class() extends FakeSharpEntityList
+    {
+        public function buildList(EntityListFieldsContainer $fields): void
+        {
+            $fields->addField(
+                EntityListField::make('name')
+                    ->setLabel('Name')
+                    ->shouldSanitizeHtml(false)
+                    ->setWidth(.5)
+            );
+        }
+    };
+
+    expect($list->fields()[0]['sanitize'])->toBeFalse();
+});

tests/Unit/Show/Fields/SharpShowListFieldTest.php

@@ -18,6 +18,7 @@
                 'key' => 'textField',
                 'emptyVisible' => false,
                 'html' => true,
+                'sanitize' => true,
                 'type' => 'text',
             ],
         ],

tests/Unit/Show/Fields/SharpShowTextFieldTest.php

@@ -12,6 +12,7 @@
             'type' => 'text',
             'emptyVisible' => false,
             'html' => true,
+            'sanitize' => true,
             'label' => 'Label',
         ]);
 });
@@ -56,3 +57,11 @@
 
     expect($field->toArray())->toHaveKey('localized', true);
 });
+
+it('allows to disable HTML sanitization', function () {
+    $field = SharpShowTextField::make('textfield')
+        ->shouldSanitizeHtml(false)
+        ->setLabel('Label');
+
+    expect($field->toArray()['sanitize'])->toBe(false);
+});