From 036ea43e4fb2cb21de7893ae3a37f8525986a8f9 Mon Sep 17 00:00:00 2001 From: Teromene Date: Fri, 26 Feb 2016 18:17:48 +0000 Subject: [PATCH 1/2] Modified HTMLUtils, corrected few bugs. --- lib/HTMLUtils.php | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/lib/HTMLUtils.php b/lib/HTMLUtils.php index 4e6b5e2..cb1bc0b 100644 --- a/lib/HTMLUtils.php +++ b/lib/HTMLUtils.php @@ -158,16 +158,16 @@ class HTMLSanitizer { var $onlyKeepText; - public static $DEFAULT_CLEAR_TAGS = ["script", "iframe"]; + public static $DEFAULT_CLEAR_TAGS = ["script", "iframe", "input", "form"]; public static $KEPT_ATTRIBUTES = ["title", "href", "src"]; - const ONLY_TEXT = null; + public static $ONLY_TEXT = []; - function __construct($tags_to_remove = HTMLSanitizer::DEFAULT_CLEAR_TAGS, $kept_attributes = HTMLSanitizer::KEPT_ATTRIBUTES, $only_keep_text = HTMLSanitizer::ONLY_TEXT) { + function __construct($tags_to_remove = null, $kept_attributes = null, $only_keep_text = null) { - $this->tagsToRemove = $tags_to_remove; - $this->keptAttributes = $kept_attributes; - $this->onlyKeepText = $only_keep_text; + $this->tagsToRemove = $tags_to_remove == null ? HTMLSanitizer::$DEFAULT_CLEAR_TAGS : $tags_to_remove; + $this->keptAttributes = $kept_attributes == null ? HTMLSanitizer::$KEPT_ATTRIBUTES : $kept_attributes; + $this->onlyKeepText = $only_keep_text == null ? HTMLSanitizer::$ONLY_TEXT : $only_keep_text; } @@ -175,7 +175,7 @@ class HTMLSanitizer { $htmlContent = str_get_html($textToSanitize); - foreach($htmlContent->find('*[!j_ai_pas_trouve_comment_tout_demander]') as $element) { + foreach($htmlContent->find('*[!vive_les_chapeaux]') as $element) { if(in_array($element->tag, $this->onlyKeepText)) { $element->outertext = $element->plaintext; } else if(in_array($element->tag, $this->tagsToRemove)) { @@ -192,10 +192,12 @@ class HTMLSanitizer { } public static function defaultImageSrcTo($content, $server) { foreach($content->find('img') as $image) { - if(strpos($image->src, '/')==0) { + + if(strpos($image->src, "http") == NULL && strpos($image->src, "//") == NULL && strpos($image->src, "data:") == NULL) { $image->src = $server.$image->src; - } + } } + return $content; } } From 1c1bcc20ffb1623fc426b3ad7199155647a5f350 Mon Sep 17 00:00:00 2001 From: Teromene Date: Fri, 26 Feb 2016 18:31:53 +0000 Subject: [PATCH 2/2] Changed the antiselector to be less likely to happen. --- lib/HTMLUtils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/HTMLUtils.php b/lib/HTMLUtils.php index cb1bc0b..1e2f0f7 100644 --- a/lib/HTMLUtils.php +++ b/lib/HTMLUtils.php @@ -175,7 +175,7 @@ class HTMLSanitizer { $htmlContent = str_get_html($textToSanitize); - foreach($htmlContent->find('*[!vive_les_chapeaux]') as $element) { + foreach($htmlContent->find('*[!b38fd2b1fe7f4747d6b1c1254ccd055e]') as $element) { if(in_array($element->tag, $this->onlyKeepText)) { $element->outertext = $element->plaintext; } else if(in_array($element->tag, $this->tagsToRemove)) {