fixed src removal from image tags with relative urls, add iframe tag to allowed list
This commit is contained in:
parent
fdf2319783
commit
b70308d990
5 changed files with 78 additions and 8360 deletions
|
@ -7,6 +7,11 @@ use League\CommonMark\Extension\FrontMatter\FrontMatterExtension;
|
||||||
use League\CommonMark\Extension\FrontMatter\Output\RenderedContentWithFrontMatter;
|
use League\CommonMark\Extension\FrontMatter\Output\RenderedContentWithFrontMatter;
|
||||||
use League\CommonMark\MarkdownConverter;
|
use League\CommonMark\MarkdownConverter;
|
||||||
use League\CommonMark\CommonMarkConverter;
|
use League\CommonMark\CommonMarkConverter;
|
||||||
|
|
||||||
|
use HtmlSanitizer\Extension\Basic\BasicExtension;
|
||||||
|
use HtmlSanitizer\Extension\Iframe\IframeExtension;
|
||||||
|
use HtmlSanitizer\SanitizerBuilder;
|
||||||
|
|
||||||
use function _\orderBy;
|
use function _\orderBy;
|
||||||
|
|
||||||
class Contents
|
class Contents
|
||||||
|
@ -63,16 +68,35 @@ class Contents
|
||||||
->parse(file_get_contents($file));
|
->parse(file_get_contents($file));
|
||||||
|
|
||||||
//never trust the front end. clean it up
|
//never trust the front end. clean it up
|
||||||
$sanitizer = HtmlSanitizer\Sanitizer::create([
|
|
||||||
"extensions" => ["basic", "image", "list", "code"],
|
$builder = new SanitizerBuilder();
|
||||||
|
$builder->registerExtension(new BasicExtension());
|
||||||
|
$builder->registerExtension(new IframeExtension());
|
||||||
|
|
||||||
|
//relative-a and relative-image
|
||||||
|
$builder->registerExtension(
|
||||||
|
new \HtmlSanitizer\Extension\Relative\A\AExtension()
|
||||||
|
);
|
||||||
|
$builder->registerExtension(
|
||||||
|
new \HtmlSanitizer\Extension\Relative\Image\ImageExtension()
|
||||||
|
);
|
||||||
|
|
||||||
|
$detergent = [
|
||||||
|
"extensions" => ["basic", "relative-a", "relative-image", "iframe"],
|
||||||
"tags" => [
|
"tags" => [
|
||||||
|
"div" => [
|
||||||
|
"allowed_attributes" => ["class", "title"],
|
||||||
|
],
|
||||||
"img" => [
|
"img" => [
|
||||||
"allowed_attributes" => ["src", "alt", "title", "class"],
|
"allowed_attributes" => ["src", "alt", "title", "class"],
|
||||||
"allowed_hosts" => null,
|
],
|
||||||
"allow_relative_links" => true,
|
"iframe" => [
|
||||||
|
"allowed_attributes" => ["height", "width", "title", "src"],
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
]);
|
];
|
||||||
|
|
||||||
|
$sanitizer = $builder->build($detergent);
|
||||||
|
|
||||||
$scrubbed = $sanitizer->sanitize($result->getContent());
|
$scrubbed = $sanitizer->sanitize($result->getContent());
|
||||||
|
|
||||||
|
|
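Review bot: The new `iframe` entry allows a `src` attribute but sets no `allowed_hosts`, so an embed from any origin survives sanitization even though the comment above says the front end is not trusted; restrict it, e.g. `"iframe" => ["allowed_attributes" => ["height", "width", "title", "src"], "allowed_hosts" => [/* TODO: permitted embed hosts */]],` (the removed `img` entry shows the library already accepts this key, and `force_https` is worth setting alongside it). The new `extensions` list also drops `list` and `code`, which the old configuration named, so markdown lists and code blocks would presumably be stripped from the sanitized output unless those extensions are registered on the builder and listed again. The enclosing method starts and ends outside the hunk.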
|
@ -26,6 +26,7 @@
|
||||||
"tgalopin/html-sanitizer": "^1.4",
|
"tgalopin/html-sanitizer": "^1.4",
|
||||||
"phpmailer/phpmailer": "^6.4",
|
"phpmailer/phpmailer": "^6.4",
|
||||||
"league/commonmark": "^2.1",
|
"league/commonmark": "^2.1",
|
||||||
"symfony/yaml": "^5.4"
|
"symfony/yaml": "^5.4",
|
||||||
|
"olegatro/html-sanitizer-relative": "^1.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
44
composer.lock
generated
44
composer.lock
generated
|
@ -4,7 +4,7 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "aaecaa98ed680188418b8aff96553235",
|
"content-hash": "cfedfb006726f5c6b4bac05285ccf5e8",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "dflydev/dot-access-data",
|
"name": "dflydev/dot-access-data",
|
||||||
|
@ -858,6 +858,48 @@
|
||||||
},
|
},
|
||||||
"time": "2018-02-13T20:26:39+00:00"
|
"time": "2018-02-13T20:26:39+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "olegatro/html-sanitizer-relative",
|
||||||
|
"version": "1.0.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/olegatro/html-sanitizer-relative.git",
|
||||||
|
"reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/olegatro/html-sanitizer-relative/zipball/1a4d4683c0c162653da6dcfe6050476dd8bfc026",
|
||||||
|
"reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"ext-dom": "*",
|
||||||
|
"php": ">=7.1",
|
||||||
|
"tgalopin/html-sanitizer": "^1.4"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"HtmlSanitizer\\": "src"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Oleg Scherbakov",
|
||||||
|
"email": "shcherbakov.oleg88@gmail.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Extension for html-sanitizer library by allowing relative urls in the A and Image tags",
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/olegatro/html-sanitizer-relative/issues",
|
||||||
|
"source": "https://github.com/olegatro/html-sanitizer-relative/tree/1.0.0"
|
||||||
|
},
|
||||||
|
"time": "2021-02-05T13:39:44+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "phpmailer/phpmailer",
|
"name": "phpmailer/phpmailer",
|
||||||
"version": "v6.5.1",
|
"version": "v6.5.1",
|
||||||
|
|
|
@ -31,7 +31,8 @@
|
||||||
"license": "UNLICENSED",
|
"license": "UNLICENSED",
|
||||||
"author": "Are0h",
|
"author": "Are0h",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
|
"watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts",
|
||||||
|
"build": "sass src/styles:public/assets/css & npx parcel build src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
|
||||||
},
|
},
|
||||||
"description": "Front end script for the most chill blog framework ever.",
|
"description": "Front end script for the most chill blog framework ever.",
|
||||||
"repository": "https://code.playvicio.us/Are0h/Fipamo"
|
"repository": "https://code.playvicio.us/Are0h/Fipamo"
|
||||||
|
|
File diff suppressed because one or more lines are too long