Merge pull request #265 from jonnybarnes/develop

MTM Dependency updates and HTML Sanitizer

.github/workflows/run-tests.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Setup PHP with pecl extension
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.0'
+          php-version: '8.1'
           tools: phpcs
       - name: Copy .env
         run: php -r "file_exists('.env') || copy('.env.github', '.env');"

app/Providers/AppServiceProvider.php

@@ -15,6 +15,8 @@ use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Hmac\Sha256;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -91,6 +93,15 @@ class AppServiceProvider extends ServiceProvider
 
             return $config;
         });
+
+        // Configure HtmlSanitizer
+        $this->app->bind(HtmlSanitizer::class, function () {
+            return new HtmlSanitizer(
+                (new HtmlSanitizerConfig())
+                    ->allowSafeElements()
+                    ->forceAttribute('a', 'rel', 'noopener nofollow')
+            );
+        });
     }
 
     /**

app/Traits/FilterHtml.php

@@ -4,21 +4,13 @@ declare(strict_types=1);
 
 namespace App\Traits;
 
-use HtmlSanitizer\Sanitizer;
+use Illuminate\Support\Facades\App;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
 
 trait FilterHtml
 {
     public function filterHtml(string $html): string
     {
-        return Sanitizer::create([
-            'extensions' => [
-                'basic',
-                'code',
-                'image',
-                'list',
-                'table',
-                'extra',
-            ],
-        ])->sanitize($html);
+        return App::make(HtmlSanitizer::class)->sanitize($html);
     }
 }

composer.json

@@ -10,9 +10,9 @@
     "license": "CC0-1.0",
     "require": {
         "php": "^8.0",
+        "ext-dom": "*",
         "ext-intl": "*",
         "ext-json": "*",
-        "ext-dom": "*",
         "cviebrock/eloquent-sluggable": "^9.0",
         "fruitcake/laravel-cors": "^2.0",
         "guzzlehttp/guzzle": "^7.0.1",
@@ -31,7 +31,7 @@
         "predis/predis": "~1.0",
         "spatie/browsershot": "~3.0",
         "spatie/commonmark-highlighter": "^3.0",
-        "tgalopin/html-sanitizer": "^1.1"
+        "symfony/html-sanitizer": "^6.1"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.0",

package.json

@@ -14,7 +14,7 @@
         "autoprefixer": "^10.2.4",
         "babel-loader": "^8.2.1",
         "browserlist": "^1.0.1",
-        "compression-webpack-plugin": "^9.2.0",
+        "compression-webpack-plugin": "^10.0.0",
         "css-loader": "^6.2.0",
         "cssnano": "^5.0.2",
         "eslint": "^8.6.0",
@@ -24,7 +24,7 @@
         "postcss-combine-duplicated-selectors": "^10.0.2",
         "postcss-combine-media-query": "^1.0.1",
         "postcss-import": "^14.0.0",
-        "postcss-loader": "^6.1.1",
+        "postcss-loader": "^7.0.0",
         "pre-commit": "^1.1.3",
         "stylelint": "^14.2.0",
         "stylelint-config-standard": "^25.0.0",