1818use MicroweberPackages \Comment \Models \Comment ;
1919use MicroweberPackages \Comment \Events \NewComment ;
2020use MicroweberPackages \Comment \Notifications \NewCommentNotification ;
21+ use MicroweberPackages \Helper \HTMLClean ;
2122use MicroweberPackages \User \Models \User ;
2223use MicroweberPackages \Utils \Mail \MailSender ;
2324
24-
2525class AdminCommentController extends AdminController
2626{
2727 public function index (Request $ request )
2828 {
29-
3029 $ contents = $ this ->getComments ($ request );
3130
32-
3331 return $ this ->view ('comment::admin.comments.index ' , ['contents ' => $ contents ]);
3432 }
3533
@@ -42,7 +40,6 @@ public function getComments(Request $request)
4240 $ contents = $ contents ->filter ($ filter );
4341 }
4442
45-
4643 $ contents = $ contents ->paginate ($ request ->get ('limit ' , 30 ))
4744 ->appends ($ request ->except ('page ' ));
4845
@@ -148,12 +145,8 @@ public function saveCommentEdit(Request $request)
148145
149146 $ comment_body = $ data ['comment_body ' ];
150147
151- // Claer HTML
152- $ comment_body = $ this ->app ->format ->clean_html ($ comment_body );
153-
154- // Clear XSS
155- $ evil = ['(?<!\w)on\w* ' , 'xmlns ' , 'formaction ' , 'xlink:href ' , 'FSCommand ' , 'seekSegmentTime ' ];
156- $ comment_body = $ this ->app ->format ->clean_xss ($ comment_body , true , $ evil , 'removeEvilAttributes ' );
148+ $ cleanHtml = new HTMLClean ();
149+ $ comment_body = $ cleanHtml ->onlyTags ($ comment_body );
157150
158151 if (!empty ($ comment_body ) and !empty ($ data ['format ' ]) and $ data ['format ' ] == 'markdown ' ) {
159152 $ comment_body = Markdown::convertToHtml ($ comment_body );
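Review bot: Sanitizing on new line 149 runs before the Markdown conversion on line 152, so any HTML the converter emits from the already-cleaned text (raw inline HTML passthrough or `javascript:` link targets, if the converter permits them) is never seen by `onlyTags`, unless the body is cleaned again after conversion outside the hunk. The removed `clean_xss` call named the attributes it stripped (`on*`, `formaction`, `xlink:href`, …); the hunk does not show whether `HTMLClean::onlyTags` removes attributes at all or only whitelists tag names, and since comment bodies are rendered to every visitor this is a stored-XSS question that should be confirmed or stated at the call site. I would add above line 148: `// Sanitize before Markdown conversion; converter output must also be safe (no raw HTML / javascript: links) or be re-cleaned afterwards`, and consider moving the clean to after the conversion. saveCommentEdit's body continues outside the hunk.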