Fixed xss-filter part which was useless #82

Merged
merged 1 commit into from
Mar 7, 2017

nicosomb
Collaborator

@nicosomb nicosomb commented Mar 7, 2017

Graby has an xss-filter parameter in the configuration, but it was useless because the sanitized text was not re-used.

src/Graby.php Outdated
@@ -155,6 +155,8 @@ public function fetchContent($url)
));
}

$infos['html'] = $html;
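Review bot: The assignment `$infos['html'] = $html;` sits after the closing `}`, so it runs whether or not the preceding block did, and the visible context does not show `$html` being set when that block is skipped. Assigning the filter's return value to `$infos['html']` inside the block would drop the temporary variable and leave the unfiltered path untouched.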
Owner


I would rather override $infos['html'].

$infos = $this->doFetchContent($url);

// filter xss?
if ($this->config['xss_filter']) {
    $this->logger->log('debug', 'Filtering HTML to remove XSS');

    $infos['html'] = htmLawed($infos['html'], array(
        'safe' => 1,
        'deny_attribute' => 'style',
        'comment' => 1,
        'cdata' => 1,
    ));
}

// generate summary
$infos['summary'] = $this->getExcerpt($infos['html']);
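
The failure this pull request describes, a sanitizer that runs while its return value is never read, passes line coverage because the call itself executes; only an assertion on the returned HTML catches it. The following is an added example, not Graby's code: `standInSanitize`, `fetchBefore`, `fetchAfter` and `leaksUnsanitized` are hypothetical names, and `strip_tags` stands in for htmLawed so the file runs without dependencies.

```php
<?php
// Added example with hypothetical names; not taken from Graby.

// Stand-in for htmLawed so this file has no dependencies.
// strip_tags() is NOT an adequate XSS filter; it only makes the demo runnable.
function standInSanitize(string $html): string
{
    return strip_tags($html, '<p>');
}

// "Before": the sanitizer is called, but its result is never used again.
function fetchBefore(array $infos, bool $xssFilter): array
{
    if ($xssFilter) {
        $html = standInSanitize($infos['html']); // executed, then discarded
    }
    $infos['summary'] = substr(strip_tags($infos['html']), 0, 40);

    return $infos;
}

// "After": the sanitized text overrides $infos['html'] before anything derives from it.
function fetchAfter(array $infos, bool $xssFilter): array
{
    if ($xssFilter) {
        $infos['html'] = standInSanitize($infos['html']);
    }
    $infos['summary'] = substr(strip_tags($infos['html']), 0, 40);

    return $infos;
}

// Regression check: with the filter enabled, markup the sanitizer removes
// must not survive in the HTML handed back to the caller.
function leaksUnsanitized(callable $fetch): bool
{
    $dirty = '<p>Hello</p><img src=x onerror=alert(1)>'; // constructed test input
    $out = $fetch(['html' => $dirty], true);

    return stripos($out['html'], 'onerror') !== false;
}

foreach (['fetchBefore', 'fetchAfter'] as $variant) {
    printf("%s returns unsanitized markup: %s\n", $variant,
        leaksUnsanitized($variant) ? 'yes' : 'no');
}
```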

@nicosomb
Collaborator Author

nicosomb commented Mar 7, 2017

Ready to be squashed.

@j0k3r
Owner

j0k3r commented Mar 7, 2017

Squash allowed 🚀

@coveralls

Coverage Status

Coverage remained the same at 98.574% when pulling 7783d02 on nicosomb:fix-xss-filter into 1bd94d8 on j0k3r:master.

@j0k3r j0k3r merged commit 41c6291 into j0k3r:master Mar 7, 2017
@nicosomb nicosomb deleted the fix-xss-filter branch March 8, 2017 08:07
@j0k3r j0k3r mentioned this pull request Apr 2, 2017