kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-30 10:05:45 +00:00
Code Issues Projects Releases Wiki Activity

Allow img style attribute in HTML filter (fixes #2011)

Browse Source
This commit is contained in:
Bernd Bestel 2022-09-28 21:04:41 +02:00
parent 121050960c
commit fa49b449dd
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/BaseController.php
View File

@ -211,12 +211,13 @@ class BaseController
{ {
$htmlPurifierConfig = \HTMLPurifier_Config::createDefault(); $htmlPurifierConfig = \HTMLPurifier_Config::createDefault();
$htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache'); $htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache');
$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote,*[style|class|id],h1,h2,h3,h4,h5,h6'); $htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[style|width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote,*[style|class|id],h1,h2,h3,h4,h5,h6');
$htmlPurifierConfig->set('Attr.EnableID', true); $htmlPurifierConfig->set('Attr.EnableID', true);
$htmlPurifierConfig->set('HTML.SafeIframe', true); $htmlPurifierConfig->set('HTML.SafeIframe', true);
$htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align'); $htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align,width,height');
$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]); $htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]);
$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); // Allow any iframe source $htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); // Allow any iframe source
$htmlPurifierConfig->set('CSS.MaxImgLength', null);
self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig); self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig);
} }