
Fixed xss-filter part which was useless #82

Merged
merged 1 commit into from Mar 7, 2017

Conversation

3 participants
@nicosomb
Collaborator

nicosomb commented Mar 7, 2017

Graby has an xss-filter parameter in the configuration, but it was useless because the sanitized text was not re-used.

@@ -155,6 +155,8 @@ public function fetchContent($url)
));
}
$infos['html'] = $html;
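Review bot: only the context lines of this hunk are reproduced on the page, not the two added lines, so the actual change cannot be checked from this excerpt. The visible `$infos['html'] = $html;` is the line that matters: whatever the filter returns has to end up in `$infos['html']` (or override it right after, as suggested below), otherwise the raw `$html` is what the summary and the caller see, which is exactly the "sanitized text not re-used" problem the description reports.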


@j0k3r

j0k3r Mar 7, 2017

Owner

I would rather override $infos['html'].

$infos = $this->doFetchContent($url);

// filter xss?
if ($this->config['xss_filter']) {
    $this->logger->log('debug', 'Filtering HTML to remove XSS');

    $infos['html'] = htmLawed($infos['html'], array(
        'safe' => 1,
        'deny_attribute' => 'style',
        'comment' => 1,
        'cdata' => 1,
    ));
}

// generate summary
$infos['summary'] = $this->getExcerpt($infos['html']);
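The following is an added example, not code from graby or from this review. It contrasts the broken pattern (the filter runs but its return value is discarded) with the corrected one (the filter's output overrides `$infos['html']` before the summary is built). `sanitizeHtml()` is a constructed DOM-based stand-in for htmLawed, which graby actually uses; `fetchContentBuggy()` and `fetchContentFixed()` are hypothetical names, and the input HTML is a constructed sample.

```php
<?php
// Added example (not graby's code). sanitizeHtml() is a constructed stand-in
// for htmLawed(): it only drops <script> elements and on* event attributes,
// which is enough to show whether the filter's result is actually used.

function sanitizeHtml(string $html): string
{
    $doc = new DOMDocument();
    // Wrap the fragment so it has a single root; suppress libxml warnings
    // that loosely formed real-world markup produces.
    @$doc->loadHTML(
        '<div id="root">' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    $xpath = new DOMXPath($doc);

    // Snapshot the node lists before mutating the tree.
    foreach (iterator_to_array($xpath->query('//script')) as $node) {
        $node->parentNode->removeChild($node);
    }
    foreach (iterator_to_array($xpath->query('//@*[starts-with(name(), "on")]')) as $attr) {
        $attr->ownerElement->removeAttribute($attr->nodeName);
    }

    $root = $xpath->query('//div[@id="root"]')->item(0);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function makeSummary(string $html): string
{
    // Stand-in for getExcerpt(): plain text, truncated.
    return substr(trim(strip_tags($html)), 0, 60);
}

function fetchContentBuggy(array $config, string $html): array
{
    // Before the fix: the filter is invoked, but its return value is
    // thrown away, so $infos['html'] still holds the raw markup.
    $infos = ['html' => $html];
    if ($config['xss_filter']) {
        sanitizeHtml($infos['html']); // result discarded
    }
    $infos['summary'] = makeSummary($infos['html']);
    return $infos;
}

function fetchContentFixed(array $config, string $html): array
{
    // After the fix: the sanitized output overrides $infos['html'] and
    // everything downstream (summary, caller) sees the filtered version.
    $infos = ['html' => $html];
    if ($config['xss_filter']) {
        $infos['html'] = sanitizeHtml($infos['html']);
    }
    $infos['summary'] = makeSummary($infos['html']);
    return $infos;
}

// A defender's check: does active content survive the pipeline?
function hasActiveContent(string $html): bool
{
    return stripos($html, '<script') !== false
        || preg_match('/\son\w+\s*=/i', $html) === 1;
}

$config = ['xss_filter' => true];
// Constructed sample input, as a fetcher might receive from a remote page.
$untrusted = '<p onclick="alert(1)">Hello <b>world</b></p><script>alert(2)</script>';

$results = [
    'buggy' => fetchContentBuggy($config, $untrusted),
    'fixed' => fetchContentFixed($config, $untrusted),
];
foreach ($results as $label => $infos) {
    printf(
        "%s: %s\n  html:    %s\n  summary: %s\n",
        $label,
        hasActiveContent($infos['html']) ? 'ACTIVE CONTENT SURVIVED' : 'clean',
        $infos['html'],
        $infos['summary']
    );
}
```

Run with `php example.php`: the `buggy` entry still carries the `<script>` element and the `onclick` attribute even though `xss_filter` is enabled, while the `fixed` entry yields `<p>Hello <b>world</b></p>`. The `hasActiveContent()` check is the kind of regression assertion worth keeping in a test suite for a setting like `xss_filter`, since a filter whose output is silently dropped passes every "does it run" test and fails only on what it returns.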
@nicosomb


Collaborator

nicosomb commented Mar 7, 2017

Ready to be squashed.

@j0k3r


Owner

j0k3r commented Mar 7, 2017

Squash allowed 🚀

@coveralls


coveralls commented Mar 7, 2017

Coverage Status

Coverage remained the same at 98.574% when pulling 7783d02 on nicosomb:fix-xss-filter into 1bd94d8 on j0k3r:master.

@j0k3r

j0k3r approved these changes Mar 7, 2017

@j0k3r j0k3r merged commit 41c6291 into j0k3r:master Mar 7, 2017

2 checks passed

Scrutinizer: No new issues
continuous-integration/travis-ci/pr: The Travis CI build passed

@nicosomb nicosomb deleted the nicosomb:fix-xss-filter branch Mar 8, 2017

@j0k3r j0k3r referenced this pull request Apr 2, 2017

Merged

Safe iframe #91
