Fixed xss-filter part which was useless #82

Merged
merged 1 commit into from Mar 7, 2017

Collaborator

@nicosomb nicosomb commented Mar 7, 2017

Graby has an xss-filter parameter in the configuration, but it was useless because the sanitized text was not re-used.

@@ -155,6 +155,8 @@ public function fetchContent($url)
));
}

$infos['html'] = $html;
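
Review bot: the added `$infos['html'] = $html;` comes after the closing `}` of the block above it, so it runs on every call to `fetchContent()` and depends on `$html` being set on the path where that block is skipped. Assigning the filtered result to `$infos['html']` inside the block would drop the intermediate variable and leave the no-filter path visibly untouched. Only `fetchContent()` is touched in the lines shown here; a test that enables the filter and asserts the returned `html` is the filtered string would keep the result from being silently discarded again.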

j0k3r Mar 7, 2017
Owner

I would rather override $infos['html'].

$infos = $this->doFetchContent($url);

// filter xss?
if ($this->config['xss_filter']) {
    $this->logger->log('debug', 'Filtering HTML to remove XSS');

    $infos['html'] = htmLawed($infos['html'], array(
        'safe' => 1,
        'deny_attribute' => 'style',
        'comment' => 1,
        'cdata' => 1,
    ));
}

// generate summary
$infos['summary'] = $this->getExcerpt($infos['html']);
Collaborator Author

@nicosomb nicosomb commented Mar 7, 2017

Ready to be squashed.

Owner

@j0k3r j0k3r commented Mar 7, 2017

Squash allowed 🚀


@coveralls coveralls commented Mar 7, 2017

Coverage remained the same at 98.574% when pulling 7783d02 on nicosomb:fix-xss-filter into 1bd94d8 on j0k3r:master.

j0k3r approved these changes Mar 7, 2017
@j0k3r j0k3r merged commit 41c6291 into j0k3r:master Mar 7, 2017
2 checks passed
Scrutinizer No new issues
continuous-integration/travis-ci/pr The Travis CI build passed
@nicosomb nicosomb deleted the nicosomb:fix-xss-filter branch Mar 8, 2017
@j0k3r j0k3r mentioned this pull request Apr 2, 2017