Switch to Symfony’s HTML Sanitizer package

This commit is contained in:
Jonny Barnes 2022-06-02 09:40:34 +01:00
parent e91f3e0d17
commit e98a90fe1e
4 changed files with 212 additions and 88 deletions


@ -15,6 +15,8 @@ use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256; use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\Constraint\SignedWith; use Lcobucci\JWT\Validation\Constraint\SignedWith;
use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
class AppServiceProvider extends ServiceProvider class AppServiceProvider extends ServiceProvider
{ {
@ -91,6 +93,15 @@ class AppServiceProvider extends ServiceProvider
return $config; return $config;
}); });
// Configure HtmlSanitizer
$this->app->bind(HtmlSanitizer::class, function () {
return new HtmlSanitizer(
(new HtmlSanitizerConfig())
->allowSafeElements()
->forceAttribute('a', 'rel', 'noopener nofollow')
);
});
} }
/** /**
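Review bot: The sanitizer is registered with `bind` on line 23, so every `App::make(HtmlSanitizer::class)` builds a fresh `HtmlSanitizerConfig` and `HtmlSanitizer`; nothing visible here gives the sanitizer per-call state, so `$this->app->singleton(HtmlSanitizer::class, function () {` would let the container construct it once. The `forceAttribute('a', 'rel', 'noopener nofollow')` rule only delivers its opener isolation on anchors that still carry a `target` attribute after sanitization, and whether `allowSafeElements()` keeps `target` is not visible in this hunk — a fixture test with a `target="_blank"` link would settle it. A short policy comment would help the next maintainer, e.g. `// Allow only the W3C "safe" element set; every surviving <a> gets rel="noopener nofollow" so user-supplied links neither gain opener access nor pass link equity.` The enclosing method begins outside the hunk.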


@ -4,21 +4,13 @@ declare(strict_types=1);
namespace App\Traits; namespace App\Traits;
use HtmlSanitizer\Sanitizer; use Illuminate\Support\Facades\App;
use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
trait FilterHtml trait FilterHtml
{ {
public function filterHtml(string $html): string public function filterHtml(string $html): string
{ {
return Sanitizer::create([ return App::make(HtmlSanitizer::class)->sanitize($html);
'extensions' => [
'basic',
'code',
'image',
'list',
'table',
'extra',
],
])->sanitize($html);
} }
} }
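Review bot: `sanitize()` on line 43 is subject to the config's input-length cap — `HtmlSanitizerConfig` truncates input longer than its `maxInputLength` (20 000 characters by default in the 6.1 release, as far as I recall) instead of rejecting it — so long user-submitted HTML would be silently cut off; if content can exceed that, raise the cap with `->withMaxInputLength()` on the config bound in AppServiceProvider, or document the limit on this method. The trait also replaces the previous explicit extension list (basic/code/image/list/table/extra) with the `allowSafeElements()` policy, so the set of surviving elements has changed; a fixture test over representative content (tables, code blocks, images, links) would pin the new behaviour. A docblock such as `/** Sanitize untrusted HTML using the application-wide HtmlSanitizer policy configured in AppServiceProvider. */` would record where the policy lives.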


@ -10,9 +10,9 @@
"license": "CC0-1.0", "license": "CC0-1.0",
"require": { "require": {
"php": "^8.0", "php": "^8.0",
"ext-dom": "*",
"ext-intl": "*", "ext-intl": "*",
"ext-json": "*", "ext-json": "*",
"ext-dom": "*",
"cviebrock/eloquent-sluggable": "^9.0", "cviebrock/eloquent-sluggable": "^9.0",
"fruitcake/laravel-cors": "^2.0", "fruitcake/laravel-cors": "^2.0",
"guzzlehttp/guzzle": "^7.0.1", "guzzlehttp/guzzle": "^7.0.1",
@ -31,7 +31,7 @@
"predis/predis": "~1.0", "predis/predis": "~1.0",
"spatie/browsershot": "~3.0", "spatie/browsershot": "~3.0",
"spatie/commonmark-highlighter": "^3.0", "spatie/commonmark-highlighter": "^3.0",
"tgalopin/html-sanitizer": "^1.1" "symfony/html-sanitizer": "^6.1"
}, },
"require-dev": { "require-dev": {
"barryvdh/laravel-debugbar": "^3.0", "barryvdh/laravel-debugbar": "^3.0",
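Review bot: `"php": "^8.0"` on line 61 is left unchanged, but the new `symfony/html-sanitizer` entry in composer.lock declares `"php": ">=8.1"`, so the project's own platform constraint now understates the real minimum and a PHP 8.0 environment would only fail at dependency resolution. Change it to `"php": "^8.1"` so the requirement is stated where maintainers look for it; the `platform` block in composer.lock will follow on the next `composer update`.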

271
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "55bc26fbd6415b029f9d6ebaa19f6bd5", "content-hash": "076c4cf5d0f658b12cb4c27452335b4b",
"packages": [ "packages": [
{ {
"name": "asm89/stack-cors", "name": "asm89/stack-cors",
@ -2841,43 +2841,51 @@
"time": "2022-04-17T13:12:02+00:00" "time": "2022-04-17T13:12:02+00:00"
}, },
{ {
"name": "league/uri-parser", "name": "league/uri",
"version": "1.4.1", "version": "6.6.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/thephpleague/uri-parser.git", "url": "https://github.com/thephpleague/uri.git",
"reference": "671548427e4c932352d9b9279fdfa345bf63fa00" "reference": "4147f19b9de3b5af6a258f35d7a0efbbf9963298"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/thephpleague/uri-parser/zipball/671548427e4c932352d9b9279fdfa345bf63fa00", "url": "https://api.github.com/repos/thephpleague/uri/zipball/4147f19b9de3b5af6a258f35d7a0efbbf9963298",
"reference": "671548427e4c932352d9b9279fdfa345bf63fa00", "reference": "4147f19b9de3b5af6a258f35d7a0efbbf9963298",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=7.0.0" "ext-json": "*",
"league/uri-interfaces": "^2.3",
"php": "^7.4 || ^8.0",
"psr/http-message": "^1.0"
},
"conflict": {
"league/uri-schemes": "^1.0"
}, },
"require-dev": { "require-dev": {
"friendsofphp/php-cs-fixer": "^2.0", "friendsofphp/php-cs-fixer": "^v3.3.2",
"phpstan/phpstan": "^0.9.2", "php-http/psr7-integration-tests": "^1.1",
"phpstan/phpstan-phpunit": "^0.9.4", "phpstan/phpstan": "^1.2.0",
"phpstan/phpstan-strict-rules": "^0.9.0", "phpstan/phpstan-deprecation-rules": "^1.0",
"phpunit/phpunit": "^6.0" "phpstan/phpstan-phpunit": "^1.0.0",
"phpstan/phpstan-strict-rules": "^1.1.0",
"phpunit/phpunit": "^9.5.10",
"psr/http-factory": "^1.0"
}, },
"suggest": { "suggest": {
"ext-intl": "Allow parsing RFC3987 compliant hosts", "ext-fileinfo": "Needed to create Data URI from a filepath",
"league/uri-schemes": "Allow validating and normalizing URI parsing results" "ext-intl": "Needed to improve host validation",
"league/uri-components": "Needed to easily manipulate URI objects",
"psr/http-factory": "Needed to use the URI factory"
}, },
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-master": "1.x-dev" "dev-master": "6.x-dev"
} }
}, },
"autoload": { "autoload": {
"files": [
"src/functions_include.php"
],
"psr-4": { "psr-4": {
"League\\Uri\\": "src" "League\\Uri\\": "src"
} }
@ -2893,21 +2901,113 @@
"homepage": "https://nyamsprod.com" "homepage": "https://nyamsprod.com"
} }
], ],
"description": "userland URI parser RFC 3986 compliant", "description": "URI manipulation library",
"homepage": "https://github.com/thephpleague/uri-parser", "homepage": "https://uri.thephpleague.com",
"keywords": [ "keywords": [
"data-uri",
"file-uri",
"ftp",
"hostname",
"http",
"https",
"middleware",
"parse_str",
"parse_url", "parse_url",
"parser", "psr-7",
"query-string",
"querystring",
"rfc3986",
"rfc3987",
"rfc6570",
"uri",
"uri-template",
"url",
"ws"
],
"support": {
"docs": "https://uri.thephpleague.com",
"forum": "https://thephpleague.slack.com",
"issues": "https://github.com/thephpleague/uri/issues",
"source": "https://github.com/thephpleague/uri/tree/6.6.0"
},
"funding": [
{
"url": "https://github.com/sponsors/nyamsprod",
"type": "github"
}
],
"time": "2022-05-28T05:44:35+00:00"
},
{
"name": "league/uri-interfaces",
"version": "2.3.0",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/uri-interfaces.git",
"reference": "00e7e2943f76d8cb50c7dfdc2f6dee356e15e383"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/00e7e2943f76d8cb50c7dfdc2f6dee356e15e383",
"reference": "00e7e2943f76d8cb50c7dfdc2f6dee356e15e383",
"shasum": ""
},
"require": {
"ext-json": "*",
"php": "^7.2 || ^8.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^2.19",
"phpstan/phpstan": "^0.12.90",
"phpstan/phpstan-phpunit": "^0.12.19",
"phpstan/phpstan-strict-rules": "^0.12.9",
"phpunit/phpunit": "^8.5.15 || ^9.5"
},
"suggest": {
"ext-intl": "to use the IDNA feature",
"symfony/intl": "to use the IDNA feature via Symfony Polyfill"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.x-dev"
}
},
"autoload": {
"psr-4": {
"League\\Uri\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Ignace Nyamagana Butera",
"email": "nyamsprod@gmail.com",
"homepage": "https://nyamsprod.com"
}
],
"description": "Common interface for URI representation",
"homepage": "http://github.com/thephpleague/uri-interfaces",
"keywords": [
"rfc3986", "rfc3986",
"rfc3987", "rfc3987",
"uri", "uri",
"url" "url"
], ],
"support": { "support": {
"issues": "https://github.com/thephpleague/uri-parser/issues", "issues": "https://github.com/thephpleague/uri-interfaces/issues",
"source": "https://github.com/thephpleague/uri-parser/tree/master" "source": "https://github.com/thephpleague/uri-interfaces/tree/2.3.0"
}, },
"time": "2018-11-22T07:55:51+00:00" "funding": [
{
"url": "https://github.com/sponsors/nyamsprod",
"type": "github"
}
],
"time": "2021-06-28T04:27:21+00:00"
}, },
{ {
"name": "masterminds/html5", "name": "masterminds/html5",
@ -5295,6 +5395,75 @@
], ],
"time": "2022-04-15T08:08:08+00:00" "time": "2022-04-15T08:08:08+00:00"
}, },
{
"name": "symfony/html-sanitizer",
"version": "v6.1.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/html-sanitizer.git",
"reference": "28d19124099e860ef52da06ae251e37738b750fe"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/html-sanitizer/zipball/28d19124099e860ef52da06ae251e37738b750fe",
"reference": "28d19124099e860ef52da06ae251e37738b750fe",
"shasum": ""
},
"require": {
"ext-dom": "*",
"league/uri": "^6.5",
"masterminds/html5": "^2.7.2",
"php": ">=8.1"
},
"type": "library",
"autoload": {
"psr-4": {
"Symfony\\Component\\HtmlSanitizer\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Titouan Galopin",
"email": "galopintitouan@gmail.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM.",
"homepage": "https://symfony.com",
"keywords": [
"Purifier",
"html",
"sanitizer"
],
"support": {
"source": "https://github.com/symfony/html-sanitizer/tree/v6.1.0"
},
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2022-05-06T15:18:34+00:00"
},
{ {
"name": "symfony/http-foundation", "name": "symfony/http-foundation",
"version": "v6.1.0", "version": "v6.1.0",
@ -6871,54 +7040,6 @@
], ],
"time": "2022-05-21T13:34:40+00:00" "time": "2022-05-21T13:34:40+00:00"
}, },
{
"name": "tgalopin/html-sanitizer",
"version": "1.5.0",
"source": {
"type": "git",
"url": "https://github.com/tgalopin/html-sanitizer.git",
"reference": "5d02dcb6f2ea4f505731eac440798caa1b3b0913"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tgalopin/html-sanitizer/zipball/5d02dcb6f2ea4f505731eac440798caa1b3b0913",
"reference": "5d02dcb6f2ea4f505731eac440798caa1b3b0913",
"shasum": ""
},
"require": {
"ext-dom": "*",
"league/uri-parser": "^1.4.1",
"masterminds/html5": "^2.4",
"php": ">=7.1",
"psr/log": "^1.0|^2.0|^3.0"
},
"require-dev": {
"phpunit/phpunit": "^7.4",
"symfony/var-dumper": "^4.1"
},
"type": "library",
"autoload": {
"psr-4": {
"HtmlSanitizer\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Titouan Galopin",
"email": "galopintitouan@gmail.com"
}
],
"description": "Sanitize untrustworthy HTML user input",
"support": {
"issues": "https://github.com/tgalopin/html-sanitizer/issues",
"source": "https://github.com/tgalopin/html-sanitizer/tree/1.5.0"
},
"time": "2021-09-14T08:27:50+00:00"
},
{ {
"name": "tijsverkoyen/css-to-inline-styles", "name": "tijsverkoyen/css-to-inline-styles",
"version": "2.2.4", "version": "2.2.4",
@ -12216,9 +12337,9 @@
"prefer-lowest": false, "prefer-lowest": false,
"platform": { "platform": {
"php": "^8.0", "php": "^8.0",
"ext-dom": "*",
"ext-intl": "*", "ext-intl": "*",
"ext-json": "*", "ext-json": "*"
"ext-dom": "*"
}, },
"platform-dev": [], "platform-dev": [],
"plugin-api-version": "2.3.0" "plugin-api-version": "2.3.0"