Allow links and iframes in HTMLPurifier (fixes #1461)

Bernd Bestel
2021-06-27 20:13:24 +02:00
parent 33ea1e56cf
commit 7ab59273da
2 changed files with 5 additions and 3 deletions


@@ -99,7 +99,6 @@ class BaseController
return PrintService::getInstance();
}
protected function getTasksService()
{
return TasksService::getInstance();
@@ -211,9 +210,11 @@ class BaseController
{
$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();
$htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache');
$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote');
$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote');
$htmlPurifierConfig->set('HTML.SafeIframe', true);
$htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true]);
$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]);
$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); //allow YouTube and Vimeo
self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig);
}
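Review bot: The `URI.SafeIframeRegexp` value `%^.*%` matches every URI, so with `HTML.SafeIframe` enabled the purifier keeps an iframe pointing at any http/https origin, although the trailing comment says the intent is YouTube and Vimeo only. Any HTML passed through this purifier can then embed arbitrary third-party pages inside the application, which defeats most of the point of filtering it. Restrict the pattern to the embed hosts that are actually wanted, e.g. `$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');`. Separately, the newly allowed `a[target]` is probably stripped unless `Attr.AllowedFrameTargets` is also configured, so confirm against rendered output that links behave as intended. The enclosing method starts above the hunk, so which inputs reach this purifier is not visible here.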