
fix: added HtmlSanitizer
thorsten committed May 3, 2023
1 parent 6e8801a commit 9379139
Showing 4 changed files with 205 additions and 3 deletions.
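--- a/composer.json
+++ b/composer.json
@@ -32,7 +32,8 @@
 "ext-json": "*",
 "ext-xml": "*",
 "ext-zip": "*",
-"ext-xmlwriter": "*"
+"ext-xmlwriter": "*",
+"tgalopin/html-sanitizer": "^1.5"
 },
 "require-dev": {
 "phpunit/phpunit": "9.*",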
188 changes: 187 additions & 1 deletion composer.lock


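--- a/phpmyfaq/faq.php
+++ b/phpmyfaq/faq.php
@@ -340,7 +340,7 @@
 'solutionId' => $faq->faqRecord['solution_id'],
 'solutionIdLink' => Link::getSystemRelativeUri() . '?solution_id=' . $faq->faqRecord['solution_id'],
 'question' => $question,
-'answer' => $answer,
+'answer' => $faqHelper->cleanUpContent($answer),
 'faqDate' => $date->format($faq->faqRecord['date']),
 'faqAuthor' => Strings::htmlentities($author),
 'editThisEntry' => $editThisEntry,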
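Review bot: `'question' => $question` one line above the change is still passed to the template untouched while `answer` now goes through `$faqHelper->cleanUpContent()`; if `$question` is also built from stored, user-editable content and the template prints it as raw HTML it needs the same sanitizer call or an escape like the `Strings::htmlentities($author)` used for `faqAuthor` two lines below. If it is already escaped earlier in faq.php, outside this hunk, nothing further is needed here. The array literal this hunk is part of starts and ends outside the hunk.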
15 changes: 15 additions & 0 deletions phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
Expand Up @@ -18,6 +18,7 @@
namespace phpMyFAQ\Helper;

use Exception;
use HtmlSanitizer\Sanitizer;
use ParsedownExtra;
use phpMyFAQ\Category;
use phpMyFAQ\Configuration;
Expand Down Expand Up @@ -236,4 +237,18 @@ public function createFaqTranslationLinkList(int $faqId, string $faqLang): strin

return $output;
}


/**
* Remove <script> tags, we don't need them
*
* @param string $content
* @return string
*/
public function cleanUpContent(string $content): string
{
$htmlSanitizer = Sanitizer::create(['extensions' => ['basic']]);

return $htmlSanitizer->sanitize($content);
}
}
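Review bot: The docblock on `cleanUpContent` understates what the method does: `Sanitizer::create(['extensions' => ['basic']])` applies an allow-list, so everything outside the library's basic formatting set is dropped, not just `<script>`, and as far as I know FAQ answers containing lists, images, tables or code blocks will lose that markup on display unless the corresponding extensions (`list`, `image`, `table`, `code` in this library) are enabled too. Reword it to `Sanitize stored FAQ HTML for output: keeps only the tags and attributes allowed by the configured html-sanitizer extensions, everything else is stripped.` and drop the `@param`/`@return` lines, which only restate the native types. `Sanitizer::create()` builds the whole extension chain on every call and this method runs once per rendered answer, so memoizing the instance, e.g. `private ?Sanitizer $htmlSanitizer = null;` on the class and `$this->htmlSanitizer ??= Sanitizer::create(['extensions' => ['basic']]);` in the method, avoids repeating that setup. The two blank lines the hunk adds before the docblock should be one, per PSR-12.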
