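<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Settings
    |--------------------------------------------------------------------------
    |
    | The configuration settings array is passed directly to HTMLPurifier.
    |
    | Feel free to add / remove / customize these attributes as you wish.
    | These directives are the sanitization policy for whatever HTML is run
    | through the purifier, so loosening any of them widens what markup can
    | reach the rendered page.
    |
    | Documentation: http://htmlpurifier.org/live/configdoc/plain.html
    |
    */

    'settings' => [

        /*
        |--------------------------------------------------------------------------
        | Core.Encoding
        |--------------------------------------------------------------------------
        |
        | The encoding to convert input to.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#Core.Encoding
        |
        */

        'Core.Encoding' => 'utf-8',

        /*
        |--------------------------------------------------------------------------
        | Cache.SerializerPath
        |--------------------------------------------------------------------------
        |
        | The HTML purifier serializer cache path. The directory has to be
        | writable by the application.
        | NOTE(review): keep it outside the web root and not writable by other
        | local users - confirm for this deployment.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath
        |
        */

        'Cache.SerializerPath' => storage_path('purify'),

        /*
        |--------------------------------------------------------------------------
        | HTML.Doctype
        |--------------------------------------------------------------------------
        |
        | Doctype to use during filtering.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Doctype
        |
        */

        'HTML.Doctype' => 'XHTML 1.0 Transitional',

        /*
        |--------------------------------------------------------------------------
        | HTML.Allowed
        |--------------------------------------------------------------------------
        |
        | The allowed HTML Elements with their allowed attributes. This is an
        | allowlist: anything not named here is not permitted.
        |
        | RESTRICT_HTML_TYPES selects the list. When the variable is unset it
        | defaults to true, so the narrow list (links, paragraphs, spans and
        | line breaks) is what an unconfigured install gets. Any falsy value
        | switches to the wider list with headings, lists and emphasis.
        | Neither list allows img, style, class, id or event-handler attributes.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed
        |
        */

        'HTML.Allowed' => env('RESTRICT_HTML_TYPES', true) ?
            'a[href|title|rel],p,span,br' :
            'a[href|title|rel],p,span,strong,em,i,h1,h2,h3,h4,h5,ul,ol,li,br',

        /*
        |--------------------------------------------------------------------------
        | HTML.ForbiddenElements
        |--------------------------------------------------------------------------
        |
        | The forbidden HTML elements. Elements that are listed in
        | this string will be removed, however their content will remain.
        |
        | For example if 'p' is inside the string, the string: '<p>Test</p>',
        |
        | Will be cleaned to: 'Test'
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.ForbiddenElements
        |
        */

        'HTML.ForbiddenElements' => '',

        /*
        |--------------------------------------------------------------------------
        | CSS.AllowedProperties
        |--------------------------------------------------------------------------
        |
        | The Allowed CSS properties.
        | NOTE(review): the empty string is expected to permit no CSS
        | properties at all; HTML.Allowed above lists no style attribute
        | either, so inline styling should never survive - confirm.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#CSS.AllowedProperties
        |
        */

        'CSS.AllowedProperties' => '',

        /*
        |--------------------------------------------------------------------------
        | AutoFormat.AutoParagraph
        |--------------------------------------------------------------------------
        |
        | This directive turns on auto-paragraphing, where double
        | newlines are converted into paragraphs whenever possible.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.AutoParagraph
        |
        */

        'AutoFormat.AutoParagraph' => false,

        /*
        |--------------------------------------------------------------------------
        | AutoFormat.RemoveEmpty
        |--------------------------------------------------------------------------
        |
        | When enabled, HTML Purifier will attempt to remove empty
        | elements that contribute no semantic information to the document.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.RemoveEmpty
        |
        */

        'AutoFormat.RemoveEmpty' => false,

        /*
        |--------------------------------------------------------------------------
        | Link handling
        |--------------------------------------------------------------------------
        |
        | Attr.AllowedRel lists the rel values that may stay on a link.
        | HTML.TargetBlank adds a target to outgoing links so they open in a
        | new window, and HTML.Nofollow adds rel="nofollow" to them.
        |
        | NOTE(review): links that open a new window should carry
        | rel="noopener" / "noreferrer" so the opened page gets no handle on
        | this one. Both values are allowed here; confirm in the rendered
        | output that they are actually emitted.
        |
        */

        'Attr.AllowedRel' => [
            'noreferrer',
            'noopener',
            'nofollow',
        ],

        'HTML.TargetBlank' => true,

        'HTML.Nofollow' => true,

        /*
        |--------------------------------------------------------------------------
        | URI handling
        |--------------------------------------------------------------------------
        |
        | URI.DefaultScheme is the scheme assumed for URIs written without one.
        | URI.DisableResources and URI.DisableExternalResources switch off
        | embedded resources such as images, which also removes the usual
        | tracking-pixel vector.
        | URI.AllowedSchemes is an allowlist: only http and https links are
        | kept, so mailto:, ftp: and similar schemes are dropped.
        |
        */

        'URI.DefaultScheme' => 'https',

        'URI.DisableExternalResources' => true,

        'URI.DisableResources' => true,

        'URI.AllowedSchemes' => [
            'http' => true,
            'https' => true,
        ],

        /*
        |--------------------------------------------------------------------------
        | URI.HostBlacklist
        |--------------------------------------------------------------------------
        |
        | Strings that must not appear in the host of any URI. The list is
        | taken from the costar configuration when costar is enabled and is
        | empty otherwise. A missing or null costar.domain.block falls back to
        | an empty list instead of handing null to HTMLPurifier.
        |
        | NOTE(review): calling config() inside a config file only works if
        | the costar config has already been loaded (or the config is cached);
        | verify the load order.
        |
        */

        'URI.HostBlacklist' => config('costar.enabled') ? (config('costar.domain.block') ?? []) : [],

    ],

];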