Update html purifier config
parent
23270e2fe2
commit
4e14cabe70
3 changed files with 30 additions and 2 deletions
|
@ -278,4 +278,8 @@ return [
|
|||
],
|
||||
|
||||
'oauth_enabled' => env('OAUTH_ENABLED', false),
|
||||
|
||||
'sanitizer' => [
|
||||
'strict_mode' => env('SANITIZER_STRICT', true)
|
||||
],
|
||||
];
|
||||
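Review bot: The new `sanitizer.strict_mode` key is not read by anything in this commit; the purifier config calls `env('SANITIZER_STRICT', true)` itself, so the two defaults can drift apart. Keep a single source of truth: either drop this key or make it the value the sanitizer actually consults. A short comment would also help operators, e.g. `// true: user HTML is limited to a, p, span and br; false: also allows basic formatting, headings and lists`. The `'strict_mode'` entry should end with a trailing comma like the `'oauth_enabled'` line above it.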
|
|
|
@ -67,7 +67,10 @@ return [
|
|||
|
|
||||
*/
|
||||
|
||||
'HTML.Allowed' => 'a[href|title|rel],p,strong,em,i,u,h1,h2,h3,h4,h5,ul,ol,li,br',
|
||||
'HTML.Allowed' => env('SANITIZER_STRICT', true) ?
|
||||
'a[href|title|rel],p,span,br' :
|
||||
'a[href|title|rel],p,span,strong,em,i,h1,h2,h3,h4,h5,ul,ol,li,br',
|
||||
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
@ -136,6 +139,23 @@ return [
|
|||
'nofollow'
|
||||
],
|
||||
|
||||
'HTML.TargetBlank' => true,
|
||||
|
||||
'HTML.Nofollow' => true,
|
||||
|
||||
'URI.DefaultScheme' => 'https',
|
||||
|
||||
'URI.DisableExternalResources' => true,
|
||||
|
||||
'URI.DisableResources' => true,
|
||||
|
||||
'URI.AllowedSchemes' => [
|
||||
'http' => true,
|
||||
'https' => true,
|
||||
],
|
||||
|
||||
'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],
|
||||
|
||||
],
|
||||
|
||||
];
|
||||
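Review bot: The `URI.HostBlacklist` entry calls `config('costar.enabled')` while this config file is itself being loaded, so the blocklist depends on the costar config already being available; if it is not, the condition evaluates to null and the list silently becomes `[]`. A null or non-array `costar.domain.block` would also reach the purifier unchecked, so at minimum coerce it: `'URI.HostBlacklist' => config('costar.enabled') ? (array) config('costar.domain.block') : [],`. A test asserting that a link to a blocked host is stripped would catch a silent regression here. In the `HTML.Allowed` hunk, the non-strict list no longer contains `u`, which the previous list allowed; confirm that is intended.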
|
|
|
@ -13,11 +13,15 @@ class PurifierTest extends TestCase
|
|||
public function puckTest()
|
||||
{
|
||||
$actual = Purify::clean("<span class=\"fa-spin fa\">catgirl spinning around in the interblag</span>");
|
||||
$expected = 'catgirl spinning around in the interblag';
|
||||
$expected = '<span>catgirl spinning around in the interblag</span>';
|
||||
$this->assertEquals($expected, $actual);
|
||||
|
||||
$actual = Purify::clean("<p class=\"fa-spin fa\">catgirl spinning around in the interblag</p>");
|
||||
$expected = '<p>catgirl spinning around in the interblag</p>';
|
||||
$this->assertEquals($expected, $actual);
|
||||
|
||||
$actual = Purify::clean('<a class="navbar-brand d-flex align-items-center" href="https://pixelfed.social" title="Logo"><img src="/img/pixelfed-icon-color.svg" height="30px" class="px-2"><span class="font-weight-bold mb-0 d-none d-sm-block" style="font-size:20px;">pixelfed</span></a>');
|
||||
$expected = '<a href="https://pixelfed.social" title="Logo" rel="nofollow noreferrer noopener" target="_blank"><span>pixelfed</span></a>';
|
||||
$this->assertEquals($expected, $actual);
|
||||
}
|
||||
}
|
||||
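Review bot: `puckTest` does not start with `test`, so unless a `@test` annotation sits just above the hunk (the method's docblock is not visible here), PHPUnit will not run these assertions; renaming it to `testPuck` removes the doubt. Every tag exercised here (`span`, `p`, `a`) is allowed in both sanitizer modes, so the cases pass regardless of `SANITIZER_STRICT` and do not pin the new switch. Consider adding a `<strong>` case for each mode, and a case asserting that an `href` whose scheme is outside the `http`/`https` allow-list is dropped, since `URI.AllowedSchemes` is new in this commit.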
|
|