Add FilterScope to every Filter

Author: jissereitsma

Filter/Security.php

@@ -0,0 +1,67 @@
+<?php declare(strict_types=1);
+
+namespace Loki\AdminComponents\Filter;
+
+use Loki\AdminComponents\Component\Form\FormRepository;
+use Loki\AdminComponents\Component\Form\FormViewModel;
+use Loki\AdminComponents\Form\Field\Field;
+use Loki\Components\Component\ComponentInterface;
+use Loki\Components\Filter\FilterInterface;
+use Loki\Components\Filter\FilterScope;
+
+class Security implements FilterInterface
+{
+    public function filter(mixed $value, FilterScope $scope): mixed
+    {
+       if (is_object($value)) {
+            return $value;
+        }
+
+        $value = (string)$value;
+        if ($this->allowStripTags($value, $scope)) {
+            $value = strip_tags($value);
+        }
+
+        $value = htmlspecialchars_decode($value);
+        return $value;
+    }
+
+    private function allowStripTags(string $value, FilterScope $scope): bool
+    {
+        $component = $scope->getComponent();
+        if (false === $component instanceof ComponentInterface) {
+            return true;
+        }
+
+        $repository = $component->getRepository();
+        if (false === $repository instanceof FormRepository) {
+            return true;
+        }
+
+        $property = $scope->getProperty();
+        if (empty($property)) {
+            return true;
+        }
+
+        $field = $this->getFieldByPropertyName($repository, $property);
+        if (empty($field)) {
+            return true;
+        }
+
+        return !$field->allowHtml();
+    }
+
+    private function getFieldByPropertyName(FormRepository $repository, string $propertyName): ?Field
+    {
+        /** @var FormViewModel $viewModel */
+        $viewModel = $repository->getComponent()->getViewModel();
+        $fields = $viewModel->getFields();
+        foreach ($fields as $field) {
+            if ($field->getCode() === $propertyName) {
+                return $field;
+            }
+        }
+
+        return null;
+    }
+}

Form/Field/Field.php

@@ -3,6 +3,7 @@
 
 namespace Loki\AdminComponents\Form\Field;
 
+use Loki\AdminComponents\Form\Field\FieldType\Editor;
 use Magento\Framework\DataObject;
 use Magento\Framework\View\Element\AbstractBlock;
 
@@ -30,6 +31,15 @@ public function isRequired(): bool
         return (bool)$this->getData('required');
     }
 
+    public function allowHtml(): bool
+    {
+        if ($this->getFieldType() instanceof Editor) {
+            return true;
+        }
+
+        return (bool)$this->getData('allow_html');
+    }
+
     public function getScope(): string
     {
         return (string)$this->getData('scope');

etc/adminhtml/di.xml

@@ -8,6 +8,14 @@
         <plugin name="Loki_AdminComponents::addCspInlineScripts" type="Loki\AdminComponents\Plugin\AddCspInlineScripts"/>
     </type>
 
+    <type name="Loki\Components\Filter\FilterRegistry">
+        <arguments>
+            <argument name="filters" xsi:type="array">
+                <item name="security" xsi:type="object">Loki\AdminComponents\Filter\Security</item>
+            </argument>
+        </arguments>
+    </type>
+
     <type name="Loki\AdminComponents\ViewModel\Form\Field\Editor">
         <arguments>
             <argument name="toolbar" xsi:type="array">