github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-13 07:13:32 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Comments: Added HTML filter on load, tinymce elem filtering

Browse Source 
- Added filter on load to help prevent potentially dangerous comment
  HTML in DB at load time (if it gets passed input filtering, or is
  existing).
- Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade
  content at point of user-view, rather than surprising the user by
  stripping content, which TinyMCE would show, post-save.
This commit is contained in:
Dan Brown
2024-01-31 16:20:22 +00:00
parent e9a19d5878
commit 06901b878f
4 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Activity/Models/Comment.php
View File

@ -4,6 +4,7 @@ namespace BookStack\Activity\Models;
use BookStack\App\Model;
use BookStack\Users\Models\HasCreatorAndUpdater;
use BookStack\Util\HtmlContentFilter;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\MorphTo;
@ -73,4 +74,9 @@ class Comment extends Model implements Loggable
{
return "Comment #{$this->local_id} (ID: {$this->id}) for {$this->entity_type} (ID: {$this->entity_id})";
}
public function safeHtml(): string
{
return HtmlContentFilter::removeScriptsFromHtmlString($this->html ?? '');
}
}