mirror of
https://github.com/grocy/grocy.git
synced 2025-04-29 09:39:57 +00:00
Allow links and iframes in HTMLPurifier (fixes #1461)
This commit is contained in:
parent
33ea1e56cf
commit
7ab59273da
@ -58,6 +58,7 @@
|
||||
- Some night mode style improvements (thanks @BlizzWave and @KTibow)
|
||||
- Help tooltips are now additionally also triggered by clicking on them (instead of only hovering them, which doesn't work on mobile / touch devices)
|
||||
- Fixed that the number picker up/down buttons did not work when the input field was empty or contained an invalid number
|
||||
- Fixed that links and embeds (e.g. YouTube videos) did not work in the text editor
|
||||
|
||||
### API fixes
|
||||
- Fixed that due soon products with `due_type` = "Expiration date" were missing in `due_products` of the `/stock/volatile` endpoint
|
||||
|
@ -99,7 +99,6 @@ class BaseController
|
||||
return PrintService::getInstance();
|
||||
}
|
||||
|
||||
|
||||
protected function getTasksService()
|
||||
{
|
||||
return TasksService::getInstance();
|
||||
@ -211,9 +210,11 @@ class BaseController
|
||||
{
|
||||
$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();
|
||||
$htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache');
|
||||
$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote');
|
||||
$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote');
|
||||
$htmlPurifierConfig->set('HTML.SafeIframe', true);
|
||||
$htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
|
||||
$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true]);
|
||||
$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]);
|
||||
$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); //allow YouTube and Vimeo
|
||||
|
||||
self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig);
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user