Update html purifier config

Daniel Supernault 2019-04-23 17:58:46 -06:00
parent 23270e2fe2
commit 4e14cabe70
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
3 changed files with 30 additions and 2 deletions


@ -278,4 +278,8 @@ return [
], ],
'oauth_enabled' => env('OAUTH_ENABLED', false), 'oauth_enabled' => env('OAUTH_ENABLED', false),
'sanitizer' => [
'strict_mode' => env('SANITIZER_STRICT', true)
],
]; ];
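Review bot: The new `sanitizer.strict_mode` key has no visible consumer in this commit, because the purifier config's `HTML.Allowed` entry reads `env('SANITIZER_STRICT', true)` directly. The flag and its default are therefore defined in two places and can drift apart. Referencing this key from the purifier config, or dropping the key, would keep one source of truth for a security-relevant switch. A comment above the key would also help, e.g. `// When true (default), user HTML is limited to a, p, span and br; SANITIZER_STRICT=false also allows headings, lists and emphasis.` The enclosing `return [` array starts outside the hunk.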


@ -67,7 +67,10 @@ return [
| |
*/ */
'HTML.Allowed' => 'a[href|title|rel],p,strong,em,i,u,h1,h2,h3,h4,h5,ul,ol,li,br', 'HTML.Allowed' => env('SANITIZER_STRICT', true) ?
'a[href|title|rel],p,span,br' :
'a[href|title|rel],p,span,strong,em,i,h1,h2,h3,h4,h5,ul,ol,li,br',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
@ -136,6 +139,23 @@ return [
'nofollow' 'nofollow'
], ],
'HTML.TargetBlank' => true,
'HTML.Nofollow' => true,
'URI.DefaultScheme' => 'https',
'URI.DisableExternalResources' => true,
'URI.DisableResources' => true,
'URI.AllowedSchemes' => [
'http' => true,
'https' => true,
],
'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],
], ],
]; ];
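Review bot: `URI.HostBlacklist` on the last added line receives `config('costar.domain.block')` unchecked, so if costar is enabled but the block list is unset the directive gets `null` instead of a list. `'URI.HostBlacklist' => config('costar.enabled') ? (config('costar.domain.block') ?? []) : [],` keeps it a list in that case. The call presumably also relies on the costar config being loaded before this file, which is worth confirming when the config is cached. HTML Purifier matches blacklist entries anywhere in the host, so a short entry blocks more than the exact domain; a one-line comment saying so would help whoever maintains the list. The `return [` array starts outside the hunk.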


@ -13,11 +13,15 @@ class PurifierTest extends TestCase
public function puckTest() public function puckTest()
{ {
$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>"); $actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
$expected = 'catgirl spinning around in the interblag'; $expected = '<span>catgirl spinning around in the interblag</span>';
$this->assertEquals($expected, $actual); $this->assertEquals($expected, $actual);
$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>"); $actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
$expected = '<p>catgirl spinning around in the interblag</p>'; $expected = '<p>catgirl spinning around in the interblag</p>';
$this->assertEquals($expected, $actual); $this->assertEquals($expected, $actual);
$actual = Purify::clean('<a class="navbar-brand d-flex align-items-center" href="https://pixelfed.social" title="Logo"><img src="/img/pixelfed-icon-color.svg" height="30px" class="px-2"><span class="font-weight-bold mb-0 d-none d-sm-block" style="font-size:20px;">pixelfed</span></a>');
$expected = '<a href="https://pixelfed.social" title="Logo" rel="nofollow noreferrer noopener" target="_blank"><span>pixelfed</span></a>';
$this->assertEquals($expected, $actual);
} }
} }
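Review bot: The assertions in `puckTest()` exercise only benign markup, under whatever `SANITIZER_STRICT` value the test environment happens to have. As a result, neither the `URI.AllowedSchemes` restriction nor the difference between the strict and relaxed allowlists is pinned by a test. A scheme check such as `$this->assertStringNotContainsString('javascript:', Purify::clean('<a href="javascript:void(0)">x</a>'));` would catch a regression in the URI settings. A `<strong>` input with an expected output would state which mode the test assumes. The `PurifierTest` class header lies outside the hunk.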