From f345b4e022999f4376ffdd6d09f5841bba2790e6 Mon Sep 17 00:00:00 2001
From: Simon Erkelens
Date: Sat, 23 Sep 2023 22:43:03 +1200
Subject: [PATCH] strip_tags was too agressive

Replaced with a regex that simply grabs whatever is inside the script. This is safer for e.g. variables that contain (pseudo)html
---
 src/View/CSPBackend.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/View/CSPBackend.php b/src/View/CSPBackend.php
index db8d1ac..80c4fc0 100644
--- a/src/View/CSPBackend.php
+++ b/src/View/CSPBackend.php
@@ -61,8 +61,11 @@ public function insertHeadTags($html, $uniquenessID = null): void
 $type = $this->getTagType($html);
 if ($type === 'javascript') {
 $options = $this->getOptions($html);
- static::$headJS[$uniquenessID] = [strip_tags($html) => $options];
- ControllerCSPExtension::addJS(strip_tags($html));
+ // Grab everything between the script tags. All matches are okay, but the last one is the actual script content
+ preg_match('/