Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
oleg
/
pixelfed
kopia lustrzana https://github.com/pixelfed/pixelfed.git
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Update html purifier config

Daniel Supernault 6 lat temu
rodzic
23270e2fe2
commit
4e14cabe70
3 zmienionych plików z 30 dodań i 2 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 4 0
      config/pixelfed.php
  2. 21 1
      config/purify.php
  3. 5 1
      tests/Unit/PurifierTest.php

+ 4 - 0
config/pixelfed.php
Wyświetl plik 

@@ -278,4 +278,8 @@ return [
 
     ],
 
     ],
 
 
 
     'oauth_enabled' => env('OAUTH_ENABLED', false),
 
     'oauth_enabled' => env('OAUTH_ENABLED', false),
 
+
 
+    'sanitizer' => [
 
+        'strict_mode' => env('SANITIZER_STRICT', true)
 
+    ],
 
 ];
 
 ];

+ 21 - 1
config/purify.php
Wyświetl plik 

@@ -67,7 +67,10 @@ return [
 
         |
 
         |
 
         */
 
         */
 
 
 
-        'HTML.Allowed' => 'a[href|title|rel],p,strong,em,i,u,h1,h2,h3,h4,h5,ul,ol,li,br',
 
+        'HTML.Allowed' => env('SANITIZER_STRICT', true) ? 
+            'a[href|title|rel],p,span,br' :
 
+            'a[href|title|rel],p,span,strong,em,i,h1,h2,h3,h4,h5,ul,ol,li,br',
 
+
 
 
 
         /*
 
         /*
 
         |--------------------------------------------------------------------------
 
         |--------------------------------------------------------------------------
 
@@ -136,6 +139,23 @@ return [
 
             'nofollow'
 
             'nofollow'
 
         ],
 
         ],
 
 
 
+        'HTML.TargetBlank' => true,
 
+
 
+        'HTML.Nofollow' => true,
 
+
 
+        'URI.DefaultScheme' => 'https',
 
+
 
+        'URI.DisableExternalResources' => true,
 
+
 
+        'URI.DisableResources' => true,
 
+
 
+        'URI.AllowedSchemes' => [
 
+            'http' => true,
 
+            'https' => true,
 
+        ],
 
+
 
+        'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],
 
+
 
     ],
 
     ],
 
 
 
 ];
 
 ];

+ 5 - 1
tests/Unit/PurifierTest.php
Wyświetl plik 

@@ -13,11 +13,15 @@ class PurifierTest extends TestCase
 
     public function puckTest()
 
     public function puckTest()
 
     {
 
     {
 
     	$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
 
     	$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
 
-    	$expected = 'catgirl spinning around in the interblag';
 
+    	$expected = '<span>catgirl spinning around in the interblag</span>';
 
         $this->assertEquals($expected, $actual);
 
         $this->assertEquals($expected, $actual);
 
 
 
     	$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
 
     	$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
 
     	$expected = '<p>catgirl spinning around in the interblag</p>';
 
     	$expected = '<p>catgirl spinning around in the interblag</p>';
 
         $this->assertEquals($expected, $actual);
 
         $this->assertEquals($expected, $actual);
 
+
 
+        $actual = Purify::clean('<a class="navbar-brand d-flex align-items-center" href="https://pixelfed.social" title="Logo"><img src="/img/pixelfed-icon-color.svg" height="30px" class="px-2"><span class="font-weight-bold mb-0 d-none d-sm-block" style="font-size:20px;">pixelfed</span></a>');
 
+        $expected = '<a href="https://pixelfed.social" title="Logo" rel="nofollow noreferrer noopener" target="_blank"><span>pixelfed</span></a>';
 
+        $this->assertEquals($expected, $actual);
 
     }
 
     }
 
 }
 
 }