fixed src removal from image tags with relative urls, added iframe tag to allowed list
This commit is contained in:
parent
fdf2319783
commit
b70308d990
5 changed files with 78 additions and 8360 deletions
|
@ -7,6 +7,11 @@ use League\CommonMark\Extension\FrontMatter\FrontMatterExtension;
|
|||
use League\CommonMark\Extension\FrontMatter\Output\RenderedContentWithFrontMatter;
|
||||
use League\CommonMark\MarkdownConverter;
|
||||
use League\CommonMark\CommonMarkConverter;
|
||||
|
||||
use HtmlSanitizer\Extension\Basic\BasicExtension;
|
||||
use HtmlSanitizer\Extension\Iframe\IframeExtension;
|
||||
use HtmlSanitizer\SanitizerBuilder;
|
||||
|
||||
use function _\orderBy;
|
||||
|
||||
class Contents
|
||||
|
@ -63,16 +68,35 @@ class Contents
|
|||
->parse(file_get_contents($file));
|
||||
|
||||
//never trust the front end. clean it up
|
||||
$sanitizer = HtmlSanitizer\Sanitizer::create([
|
||||
"extensions" => ["basic", "image", "list", "code"],
|
||||
|
||||
$builder = new SanitizerBuilder();
|
||||
$builder->registerExtension(new BasicExtension());
|
||||
$builder->registerExtension(new IframeExtension());
|
||||
|
||||
//relative-a and relative-image
|
||||
$builder->registerExtension(
|
||||
new \HtmlSanitizer\Extension\Relative\A\AExtension()
|
||||
);
|
||||
$builder->registerExtension(
|
||||
new \HtmlSanitizer\Extension\Relative\Image\ImageExtension()
|
||||
);
|
||||
|
||||
$detergent = [
|
||||
"extensions" => ["basic", "relative-a", "relative-image", "iframe"],
|
||||
"tags" => [
|
||||
"div" => [
|
||||
"allowed_attributes" => ["class", "title"],
|
||||
],
|
||||
"img" => [
|
||||
"allowed_attributes" => ["src", "alt", "title", "class"],
|
||||
"allowed_hosts" => null,
|
||||
"allow_relative_links" => true,
|
||||
],
|
||||
"iframe" => [
|
||||
"allowed_attributes" => ["height", "width", "title", "src"],
|
||||
],
|
||||
],
|
||||
]);
|
||||
];
|
||||
|
||||
$sanitizer = $builder->build($detergent);
|
||||
|
||||
$scrubbed = $sanitizer->sanitize($result->getContent());
|
||||
|
||||
|
|
|
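Review bot: The `"iframe"` entry in `$detergent` lists `allowed_attributes` but sets no `allowed_hosts`, so any origin an author writes into an iframe `src` is embedded on the published page; given the "never trust the front end" comment on this path, the embed should be restricted to the providers actually needed, e.g. `"allowed_hosts" => ["<embed-host-1>", "<embed-host-2>"]` (constructed placeholders), mirroring how the `img` entry spells out its host policy. Note also that the new `"extensions"` list drops the `"list"` and `"code"` entries the removed `Sanitizer::create([...])` call carried, so lists and code blocks produced by the Markdown converter may now be stripped unless those extensions are registered on `$builder` and added back to the list — worth confirming against rendered output. The enclosing method starts before the hunk and continues after it.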
@ -26,6 +26,7 @@
|
|||
"tgalopin/html-sanitizer": "^1.4",
|
||||
"phpmailer/phpmailer": "^6.4",
|
||||
"league/commonmark": "^2.1",
|
||||
"symfony/yaml": "^5.4"
|
||||
"symfony/yaml": "^5.4",
|
||||
"olegatro/html-sanitizer-relative": "^1.0"
|
||||
}
|
||||
}
|
||||
|
|
44
composer.lock
generated
44
composer.lock
generated
|
@ -4,7 +4,7 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "aaecaa98ed680188418b8aff96553235",
|
||||
"content-hash": "cfedfb006726f5c6b4bac05285ccf5e8",
|
||||
"packages": [
|
||||
{
|
||||
"name": "dflydev/dot-access-data",
|
||||
|
@ -858,6 +858,48 @@
|
|||
},
|
||||
"time": "2018-02-13T20:26:39+00:00"
|
||||
},
|
||||
{
|
||||
"name": "olegatro/html-sanitizer-relative",
|
||||
"version": "1.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/olegatro/html-sanitizer-relative.git",
|
||||
"reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/olegatro/html-sanitizer-relative/zipball/1a4d4683c0c162653da6dcfe6050476dd8bfc026",
|
||||
"reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-dom": "*",
|
||||
"php": ">=7.1",
|
||||
"tgalopin/html-sanitizer": "^1.4"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"HtmlSanitizer\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Oleg Scherbakov",
|
||||
"email": "shcherbakov.oleg88@gmail.com"
|
||||
}
|
||||
],
|
||||
"description": "Extension for html-sanitizer library by allowing relative urls in the A and Image tags",
|
||||
"support": {
|
||||
"issues": "https://github.com/olegatro/html-sanitizer-relative/issues",
|
||||
"source": "https://github.com/olegatro/html-sanitizer-relative/tree/1.0.0"
|
||||
},
|
||||
"time": "2021-02-05T13:39:44+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpmailer/phpmailer",
|
||||
"version": "v6.5.1",
|
||||
|
|
|
@ -31,7 +31,8 @@
|
|||
"license": "UNLICENSED",
|
||||
"author": "Are0h",
|
||||
"scripts": {
|
||||
"watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
|
||||
"watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts",
|
||||
"build": "sass src/styles:public/assets/css & npx parcel build src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
|
||||
},
|
||||
"description": "Front end script for the most chill blog framework ever.",
|
||||
"repository": "https://code.playvicio.us/Are0h/Fipamo"
|
||||
|
|
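Review bot: The new `"build"` script chains the two steps with a single `&`, which backgrounds `sass` and returns as soon as `parcel build` exits, so the CSS may not be written yet and a `sass` failure never fails the build. For the one-shot build the steps should be sequential and fail-fast: `"build": "sass src/styles:public/assets/css && npx parcel build src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"`. The `&` in the `"watch"` script is fine, since both watchers are meant to run concurrently.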