From 4683da81f35984fb24591b396304ab348a494485 Mon Sep 17 00:00:00 2001
From: Richard Klees <richard.klees@concepts-and-training.de>
Date: Thu, 25 Oct 2018 15:23:41 +0200
Subject: [PATCH 1/2] UI: minor clarification for usage of
 InputInternal::getContent

---
 src/UI/Implementation/Component/Input/Field/Input.php         | 3 +++
 src/UI/Implementation/Component/Input/Field/InputInternal.php | 2 +-
 tests/UI/Component/Input/Field/InputTest.php                  | 4 +++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/UI/Implementation/Component/Input/Field/Input.php b/src/UI/Implementation/Component/Input/Field/Input.php
index 9a30974d3982..06f105daa0e1 100644
--- a/src/UI/Implementation/Component/Input/Field/Input.php
+++ b/src/UI/Implementation/Component/Input/Field/Input.php
@@ -427,6 +427,9 @@ private function getOperations() {
 	 * @inheritdoc
 	 */
 	final public function getContent() {
+		if (is_null($this->content)) {
+			throw new \LogicException("No content of this field has been evaluated yet. Seems withInput was not called.");
+		}
 		return $this->content;
 	}
 }
diff --git a/src/UI/Implementation/Component/Input/Field/InputInternal.php b/src/UI/Implementation/Component/Input/Field/InputInternal.php
index e0a383a79968..5d52099154e5 100644
--- a/src/UI/Implementation/Component/Input/Field/InputInternal.php
+++ b/src/UI/Implementation/Component/Input/Field/InputInternal.php
@@ -45,7 +45,7 @@ public function withInput(PostData $input);
 	/**
 	 * Get the current content of the input.
 	 *
-	 * @return    Result|null
+	 * @return    Result
 	 */
 	public function getContent();
 }
diff --git a/tests/UI/Component/Input/Field/InputTest.php b/tests/UI/Component/Input/Field/InputTest.php
index fc46dfe2a9d2..25c6a8bcc150 100644
--- a/tests/UI/Component/Input/Field/InputTest.php
+++ b/tests/UI/Component/Input/Field/InputTest.php
@@ -166,7 +166,9 @@ public function test_withError() {
 
 
 	public function test_getContent() {
-		$this->assertEquals(null, $this->input->getContent());
+		$this->expectException(\LogicException::class);
+
+		$this->input->getContent();
 	}
 
 

From 2614a930e3c3910d24dd5baa68b8bc61df756f8d Mon Sep 17 00:00:00 2001
From: Richard Klees <richard.klees@concepts-and-training.de>
Date: Thu, 25 Oct 2018 15:26:07 +0200
Subject: [PATCH 2/2] UI: added strip_tags as trafo to text and textarea

---
 .../Component/Input/Field/Text.php            | 18 +++++++++++++++++
 .../Component/Input/Field/Textarea.php        | 20 ++++++++++++++++++-
 .../Component/Input/Field/TextInputTest.php   | 11 ++++++++++
 .../UI/Component/Input/Field/TextareaTest.php | 13 +++++++++++-
 4 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/src/UI/Implementation/Component/Input/Field/Text.php b/src/UI/Implementation/Component/Input/Field/Text.php
index 0978581c29d3..31191deb48b0 100644
--- a/src/UI/Implementation/Component/Input/Field/Text.php
+++ b/src/UI/Implementation/Component/Input/Field/Text.php
@@ -5,11 +5,29 @@
 namespace ILIAS\UI\Implementation\Component\Input\Field;
 
 use ILIAS\UI\Component as C;
+use ILIAS\Data\Factory as DataFactory;
+use ILIAS\Transformation\Factory as TransformationFactory;
+use ILIAS\Validation\Factory as ValidationFactory;
 
 /**
  * This implements the text input.
  */
 class Text extends Input implements C\Input\Field\Text {
+	/**
+	 * @inheritdoc
+	 */
+	public function __construct(
+		DataFactory $data_factory,
+		ValidationFactory $validation_factory,
+		TransformationFactory $transformation_factory,
+		$label,
+		$byline
+	) {
+		parent::__construct($data_factory, $validation_factory, $transformation_factory, $label, $byline);
+		$this->setAdditionalTransformation($transformation_factory->custom(function($v) {
+			return strip_tags($v);
+		}));
+	}
 
 	/**
 	 * @inheritdoc
diff --git a/src/UI/Implementation/Component/Input/Field/Textarea.php b/src/UI/Implementation/Component/Input/Field/Textarea.php
index 66eeaeb6a6d4..6c2f071846ac 100644
--- a/src/UI/Implementation/Component/Input/Field/Textarea.php
+++ b/src/UI/Implementation/Component/Input/Field/Textarea.php
@@ -6,17 +6,35 @@
 
 use ILIAS\UI\Component as C;
 use ILIAS\UI\Implementation\Component\JavaScriptBindable;
+use ILIAS\Data\Factory as DataFactory;
+use ILIAS\Transformation\Factory as TransformationFactory;
+use ILIAS\Validation\Factory as ValidationFactory;
 
 /**
  * This implements the textarea input.
  */
 class Textarea extends Input implements C\Input\Field\Textarea {
-
 	use JavaScriptBindable;
 
 	protected $max_limit;
 	protected $min_limit;
 
+	/**
+	 * @inheritdoc
+	 */
+	public function __construct(
+		DataFactory $data_factory,
+		ValidationFactory $validation_factory,
+		TransformationFactory $transformation_factory,
+		$label,
+		$byline
+	) {
+		parent::__construct($data_factory, $validation_factory, $transformation_factory, $label, $byline);
+		$this->setAdditionalTransformation($transformation_factory->custom(function($v) {
+			return strip_tags($v);
+		}));
+	}
+
 	/**
 	 * set maximum number of characters
 	 * @param $max_limit
diff --git a/tests/UI/Component/Input/Field/TextInputTest.php b/tests/UI/Component/Input/Field/TextInputTest.php
index 5de2decc4a1b..39b2d9d2900d 100644
--- a/tests/UI/Component/Input/Field/TextInputTest.php
+++ b/tests/UI/Component/Input/Field/TextInputTest.php
@@ -134,4 +134,15 @@ public function test_value_required() {
 		$value2 = $text2->getContent();
 		$this->assertTrue($value2->isError());
 	}
+
+	public function test_stripsTags() {
+		$f = $this->buildFactory();
+		$name = "name_0";
+		$text = $f->text("")
+			->withNameFrom($this->name_source)
+			->withInput(new DefPostData([$name => "<script>alert()</script>"]));
+
+		$content = $text->getContent();
+		$this->assertEquals("alert()", $content->value());
+	}
 }
diff --git a/tests/UI/Component/Input/Field/TextareaTest.php b/tests/UI/Component/Input/Field/TextareaTest.php
index 47ac7391d884..9d69faeef2d6 100644
--- a/tests/UI/Component/Input/Field/TextareaTest.php
+++ b/tests/UI/Component/Input/Field/TextareaTest.php
@@ -245,4 +245,15 @@ public function test_renderer_with_error()
 		$expected = trim(preg_replace('/\t+/', '', $expected));
 		$this->assertEquals($expected, $html);
 	}
-}
\ No newline at end of file
+
+	public function test_stripsTags() {
+		$f = $this->buildFactory();
+		$name = "name_0";
+		$text = $f->textarea("")
+			->withNameFrom($this->name_source)
+			->withInput(new DefPostData([$name => "<script>alert()</script>"]));
+
+		$content = $text->getContent();
+		$this->assertEquals("alert()", $content->value());
+	}
+}