mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 00:55:19 +00:00
more work on mixed format messages
parent
0474143b89
commit
6d2f9b4cac
3 changed files with 17 additions and 10 deletions
|
@ -1324,11 +1324,9 @@ function bbcode($Text, $options = []) {
|
|||
// Replace any html brackets with HTML Entities to prevent executing HTML or script
|
||||
// Don't use strip_tags here because it breaks [url] search by replacing & with amp
|
||||
|
||||
// experimental.... not yet working
|
||||
// $Text = purify_html($Text);
|
||||
|
||||
// $Text = str_replace("<", "<", $Text);
|
||||
// $Text = str_replace(">", ">", $Text);
|
||||
// These are no longer needed since we run the content through purify_html()
|
||||
// $Text = str_replace("<", "<", $Text);
|
||||
// $Text = str_replace(">", ">", $Text);
|
||||
|
||||
|
||||
// Check for [code] text here, before the linefeeds are messed with.
|
||||
|
@ -1359,7 +1357,7 @@ function bbcode($Text, $options = []) {
|
|||
|
||||
$Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text);
|
||||
|
||||
$Text = purify_html($Text);
|
||||
$Text = purify_html($Text, [ 'escape' ]);
|
||||
|
||||
// Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable
|
||||
|
||||
|
|
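Review bot: The comment at the top of the first hunk still says angle brackets are replaced with HTML entities, but after this change it heads only commented-out code, and the sanitising step is the `purify_html($Text, [ 'escape' ])` call in the second hunk. I would delete the commented-out `purify_html`/`str_replace` lines and put the explanation at the call, e.g. `// Sanitise HTML here; 'escape' keeps disallowed tags as visible text instead of dropping them`. Because the call runs after `bb_code_preprotect`, [code] bodies presumably bypass the purifier, so it is worth confirming they are entity-escaped where they are restored. bbcode() starts and ends outside both hunks, so later steps that might decode entities are not visible here.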
|
@ -263,7 +263,7 @@ function oembed_fetch_url($embedurl){
|
|||
|
||||
// logger('frame src: ' . $j['html'], LOGGER_DATA);
|
||||
|
||||
$j['html'] = purify_html($j['html'],$allow_position);
|
||||
$j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : []));
|
||||
if($j['html'] != $orig) {
|
||||
// logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
|
||||
}
|
||||
|
|
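Review bot: Nothing at this call site says when `$allow_position` may be true, and with the new option list that flag is what lets `position: absolute` and `position: fixed` through the purifier for what is presumably HTML supplied by a remote oEmbed provider. A short comment above the call would help, e.g. `// allow_position only for embeds from providers we trust to position content`, adjusted to whatever rule actually sets the variable, which is outside this hunk. The outer parentheses around the ternary are also unnecessary: `purify_html($j['html'], $allow_position ? [ 'allow_position' ] : [])`. oembed_fetch_url() starts and ends outside the hunk.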
|
@ -150,7 +150,7 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
|
|||
* @param boolean $allow_position allow CSS position
|
||||
* @return string standards compliant filtered HTML
|
||||
*/
|
||||
function purify_html($s, $allow_position = false) {
|
||||
function purify_html($s, $opts = []) {
|
||||
|
||||
/**
|
||||
* @FIXME this function has html output, not bbcode - so safely purify these
|
||||
|
@ -163,6 +163,15 @@ function purify_html($s, $allow_position = false) {
|
|||
$config->set('Cache.DefinitionImpl', null);
|
||||
$config->set('Attr.EnableID', true);
|
||||
|
||||
// This will escape invalid tags in the output instead of removing.
|
||||
// This is necessary for mixed format (text+bbcode+html+markdown) messages or
|
||||
// some angle brackets in plaintext may get stripped if they look like an HTML tag
|
||||
|
||||
if (in_array('escape',$opts)) {
|
||||
$config->set('Core.EscapeInvalidChildren', true);
|
||||
$config->set('Core.EscapeInvalidTags', true);
|
||||
}
|
||||
|
||||
// If enabled, target=blank attributes are added to all links.
|
||||
//$config->set('HTML.TargetBlank', true);
|
||||
//$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
|
||||
|
@ -285,7 +294,7 @@ function purify_html($s, $allow_position = false) {
|
|||
$def->addElement('button', 'Inline', 'Inline', 'Common');
|
||||
|
||||
|
||||
if($allow_position) {
|
||||
if(in_array('allow_position', $opts)) {
|
||||
$cssDefinition = $config->getCSSDefinition();
|
||||
|
||||
$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);
|
||||
|
|
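Review bot: Changing the second parameter from a boolean to an option array leaves any caller that still passes `true` or `false` calling `in_array('escape', $opts)` with a non-array, which is a TypeError on PHP 8 and a warning with no options applied on PHP 7; only the bbcode and oembed callers are updated in this commit. A guard at the top of the function keeps old callers working: `if (! is_array($opts)) { $opts = $opts ? [ 'allow_position' ] : []; }`. Both `in_array` calls should pass `true` as the third argument so a non-string element cannot loosely match an option name. The docblock above the signature still reads `@param boolean $allow_position` and should describe `$opts` and its two flags, 'escape' and 'allow_position'. purify_html() continues outside these hunks.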