From 29bf31ba0429fa28236d7e7516e6dbebacea35cc Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Sat, 1 Jun 2024 15:58:52 +0200
Subject: [PATCH] Create new "pure_html" helper function that uses the HTML purifier library to clean up HTML
---
 application/helpers/html_helper.php | 18 ++++++++
 composer.json | 3 +-
 composer.lock | 65 ++++++++++++++++++++++++++++-
 3 files changed, 83 insertions(+), 3 deletions(-)
diff --git a/application/helpers/html_helper.php b/application/helpers/html_helper.php
index c3edcf3a..785518ec 100644
--- a/application/helpers/html_helper.php
+++ b/application/helpers/html_helper.php
@@ -178,3 +178,21 @@ if (!function_exists('slot')) {
 }
 }
 }
+
+if (!function_exists('pure_html')) {
+ /**
+ * Use this function in order to render HTML that comes from a text editor or similar, but strip the JS from it.
+ *
+ * @param string $markup
+ *
+ * @return string
+ */
+ function pure_html(string $markup): string
+ {
+ $config = HTMLPurifier_Config::createDefault();
+
+ $purifier = new HTMLPurifier($config);
+
+ return $purifier->purify($markup);
+ }
+}
diff --git a/composer.json b/composer.json
index f175ec06..2be97738 100644
--- a/composer.json
+++ b/composer.json
@@ -40,7 +40,8 @@
 "monolog/monolog": "^2.8.0",
 "google/apiclient": "^2.12.6",
 "guzzlehttp/guzzle": "^7.5.0",
- "sabre/vobject": "^4.5"
+ "sabre/vobject": "^4.5",
+ "ezyang/htmlpurifier": "^4.17"
 },
 "require-dev": {
 "roave/security-advisories": "dev-master",
diff --git a/composer.lock b/composer.lock
index 1c5ab47d..508b4c85 100644
--- a/composer.lock
+++ b/composer.lock
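Review bot: `pure_html()` in `application/helpers/html_helper.php` builds a default `HTMLPurifier_Config` and a new `HTMLPurifier` on every call, so each render repeats the setup and the definition cache stays at the library default, a directory inside the installed package under `vendor/` that the web server has to be able to write to. Keeping one instance in a `static` and setting `Cache.SerializerPath` to a dedicated writable directory, as sketched below, removes both problems. The docblock's "strip the JS" undersells the contract; something like `Sanitises untrusted markup against HTML Purifier's default allowlist; the result is safe only as HTML element content.` tells callers not to reuse the output inside attributes or scripts. With the default configuration links and externally hosted images are kept, which is worth a conscious decision for editor content that is shown to other users.

```php
function pure_html(string $markup): string
{
    static $purifier = null;

    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Placeholder variable: point this at a writable cache directory outside vendor/.
        $config->set('Cache.SerializerPath', $serializer_cache_dir);
        $purifier = new HTMLPurifier($config);
    }

    return $purifier->purify($markup);
}
```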
@@ -4,8 +4,69 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "42334bbe254b633b82b51280317f82a9", + "content-hash": "f9e5d7652965f4a744ffe0112e9e419c", "packages": [ + { + "name": "ezyang/htmlpurifier", + "version": "v4.17.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "bbc513d79acf6691fa9cf10f192c90dd2957f18c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/bbc513d79acf6691fa9cf10f192c90dd2957f18c", + "reference": "bbc513d79acf6691fa9cf10f192c90dd2957f18c", + "shasum": "" + }, + "require": { + "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0" + }, + "require-dev": { + "cerdic/css-tidy": "^1.7 || ^2.0", + "simpletest/simpletest": "dev-master" + }, + "suggest": { + "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.", + "ext-bcmath": "Used for unit conversion and imagecrash protection", + "ext-iconv": "Converts text to and from non-UTF-8 encodings", + "ext-tidy": "Used for pretty-printing HTML" + }, + "type": "library", + "autoload": { + "files": [ + "library/HTMLPurifier.composer.php" + ], + "psr-0": { + "HTMLPurifier": "library/" + }, + "exclude-from-classmap": [ + "/library/HTMLPurifier/Language/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. 
Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "support": { + "issues": "https://github.com/ezyang/htmlpurifier/issues", + "source": "https://github.com/ezyang/htmlpurifier/tree/v4.17.0" + }, + "time": "2023-11-17T15:01:25+00:00" + }, { "name": "firebase/php-jwt", "version": "v6.10.0", @@ -4215,7 +4276,7 @@ "prefer-stable": false, "prefer-lowest": false, "platform": { - "php": ">=8.0", + "php": ">=8.1", "ext-curl": "*", "ext-json": "*", "ext-mbstring": "*",