mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-29 09:43:16 +00:00
Update html purifier config
This commit is contained in:
parent
23270e2fe2
commit
4e14cabe70
3 changed files with 30 additions and 2 deletions
|
@ -278,4 +278,8 @@ return [
|
||||||
],
|
],
|
||||||
|
|
||||||
'oauth_enabled' => env('OAUTH_ENABLED', false),
|
'oauth_enabled' => env('OAUTH_ENABLED', false),
|
||||||
|
|
||||||
|
'sanitizer' => [
|
||||||
|
'strict_mode' => env('SANITIZER_STRICT', true)
|
||||||
|
],
|
||||||
];
|
];
|
||||||
|
|
|
@ -67,7 +67,10 @@ return [
|
||||||
|
|
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'HTML.Allowed' => 'a[href|title|rel],p,strong,em,i,u,h1,h2,h3,h4,h5,ul,ol,li,br',
|
'HTML.Allowed' => env('SANITIZER_STRICT', true) ?
|
||||||
|
'a[href|title|rel],p,span,br' :
|
||||||
|
'a[href|title|rel],p,span,strong,em,i,h1,h2,h3,h4,h5,ul,ol,li,br',
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
@ -136,6 +139,23 @@ return [
|
||||||
'nofollow'
|
'nofollow'
|
||||||
],
|
],
|
||||||
|
|
||||||
|
'HTML.TargetBlank' => true,
|
||||||
|
|
||||||
|
'HTML.Nofollow' => true,
|
||||||
|
|
||||||
|
'URI.DefaultScheme' => 'https',
|
||||||
|
|
||||||
|
'URI.DisableExternalResources' => true,
|
||||||
|
|
||||||
|
'URI.DisableResources' => true,
|
||||||
|
|
||||||
|
'URI.AllowedSchemes' => [
|
||||||
|
'http' => true,
|
||||||
|
'https' => true,
|
||||||
|
],
|
||||||
|
|
||||||
|
'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],
|
||||||
|
|
||||||
],
|
],
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
|
@ -13,11 +13,15 @@ class PurifierTest extends TestCase
|
||||||
public function puckTest()
|
public function puckTest()
|
||||||
{
|
{
|
||||||
$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
|
$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
|
||||||
$expected = 'catgirl spinning around in the interblag';
|
$expected = '<span>catgirl spinning around in the interblag</span>';
|
||||||
$this->assertEquals($expected, $actual);
|
$this->assertEquals($expected, $actual);
|
||||||
|
|
||||||
$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
|
$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
|
||||||
$expected = '<p>catgirl spinning around in the interblag</p>';
|
$expected = '<p>catgirl spinning around in the interblag</p>';
|
||||||
$this->assertEquals($expected, $actual);
|
$this->assertEquals($expected, $actual);
|
||||||
|
|
||||||
|
$actual = Purify::clean('<a class="navbar-brand d-flex align-items-center" href="https://pixelfed.social" title="Logo"><img src="/img/pixelfed-icon-color.svg" height="30px" class="px-2"><span class="font-weight-bold mb-0 d-none d-sm-block" style="font-size:20px;">pixelfed</span></a>');
|
||||||
|
$expected = '<a href="https://pixelfed.social" title="Logo" rel="nofollow noreferrer noopener" target="_blank"><span>pixelfed</span></a>';
|
||||||
|
$this->assertEquals($expected, $actual);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue