Commit
Currently we use vanilla `HTMLPurifier` to escape HTML text before showing it to the user. Use the library `Purify` instead for better ergonomics which is a "Laravel wrapper" for HTMLPurifier.

https://github.com/stevebauman/purify

Resolves #745
Showing 8 changed files with 189 additions and 28 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
<?php | ||
|
||
use Stevebauman\Purify\Definitions\Html5Definition; | ||
|
||
return [ | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| Default Config | ||
|-------------------------------------------------------------------------- | ||
| | ||
| This option defines the default config that is provided to HTMLPurifier. | ||
| | ||
*/ | ||
|
||
'default' => 'default', | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| Config sets | ||
|-------------------------------------------------------------------------- | ||
| | ||
| Here you may configure various sets of configuration for differentiated use of HTMLPurifier. | ||
| A specific set of configuration can be applied by calling the "config($name)" method on | ||
| a Purify instance. Feel free to add/remove/customize these attributes as you wish. | ||
| | ||
| Documentation: http://htmlpurifier.org/live/configdoc/plain.html | ||
| | ||
| Core.Encoding The encoding to convert input to. | ||
| HTML.Doctype Doctype to use during filtering. | ||
| HTML.Allowed The allowed HTML Elements with their allowed attributes. | ||
| HTML.ForbiddenElements The forbidden HTML elements. Elements that are listed in this | ||
| string will be removed, however their content will remain. | ||
| CSS.AllowedProperties The Allowed CSS properties. | ||
| AutoFormat.AutoParagraph Newlines are converted in to paragraphs whenever possible. | ||
| AutoFormat.RemoveEmpty Remove empty elements that contribute no semantic information to the document. | ||
| | ||
*/ | ||
|
||
'configs' => [ | ||
|
||
'default' => [ | ||
'Core.Encoding' => 'utf-8', | ||
'HTML.Doctype' => 'HTML 4.01 Transitional', | ||
'HTML.Allowed' => 'h1,h2,h3,h4,h5,h6,b,strong,i,em,s,del,a[href|title],ul,ol,li,p[style],br,span,img[width|height|alt|src],blockquote', | ||
'HTML.ForbiddenElements' => '', | ||
'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align', | ||
'AutoFormat.AutoParagraph' => false, | ||
'AutoFormat.RemoveEmpty' => false, | ||
], | ||
|
||
], | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| HTMLPurifier definitions | ||
|-------------------------------------------------------------------------- | ||
| | ||
| Here you may specify a class that augments the HTML definitions used by | ||
| HTMLPurifier. Additional HTML5 definitions are provided out of the box. | ||
| When specifying a custom class, make sure it implements the interface: | ||
| | ||
| \Stevebauman\Purify\Definitions\Definition | ||
| | ||
| Note that these definitions are applied to every Purifier instance. | ||
| | ||
| Documentation: http://htmlpurifier.org/docs/enduser-customize.html | ||
| | ||
*/ | ||
|
||
'definitions' => Html5Definition::class, | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| HTMLPurifier CSS definitions | ||
|-------------------------------------------------------------------------- | ||
| | ||
| Here you may specify a class that augments the CSS definitions used by | ||
| HTMLPurifier. When specifying a custom class, make sure it implements | ||
| the interface: | ||
| | ||
| \Stevebauman\Purify\Definitions\CssDefinition | ||
| | ||
| Note that these definitions are applied to every Purifier instance. | ||
| | ||
| CSS should be extending $definition->info['css-attribute'] = values | ||
| See HTMLPurifier_CSSDefinition for further explanation | ||
| | ||
*/ | ||
|
||
'css-definitions' => null, | ||
|
||
/* | ||
|-------------------------------------------------------------------------- | ||
| Serializer | ||
|-------------------------------------------------------------------------- | ||
| | ||
| The storage implementation where HTMLPurifier can store its serializer files. | ||
| If the filesystem cache is in use, the path must be writable through the | ||
| storage disk by the web server, otherwise an exception will be thrown. | ||
| | ||
*/ | ||
|
||
'serializer' => [ | ||
'driver' => env('CACHE_DRIVER', 'file'), | ||
'cache' => \Stevebauman\Purify\Cache\CacheDefinitionCache::class, | ||
], | ||
|
||
// 'serializer' => [ | ||
// 'disk' => env('FILESYSTEM_DISK', 'local'), | ||
// 'path' => 'purify', | ||
// 'cache' => \Stevebauman\Purify\Cache\FilesystemDefinitionCache::class, | ||
// ], | ||
|
||
]; |
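Review bot: the `default` set's `HTML.Allowed` keeps `img[width|height|alt|src]`, `a[href|title]` and `p[style]`, and the file sets no `URI.*` directive, so which link and image URLs survive purification is left entirely to HTMLPurifier's defaults. If user-supplied content should not load images from arbitrary hosts, drop `img` from the allow-list or set `URI.DisableExternalResources`; otherwise set `URI.AllowedSchemes` explicitly so the policy is visible in this file. It is also worth trimming `HTML.Allowed` and `CSS.AllowedProperties` to the tags and properties the application's rich-text fields actually produce, and deleting the commented-out filesystem `serializer` block at the end of the file unless a comment says when to switch to it.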