Switch to Symfony’s HTML Sanitizer package

2022-06-02 09:40:34 +01:00 · 2022-06-02 09:40:34 +01:00 · e98a90fe1e
commit e98a90fe1e
parent e91f3e0d17
4 changed files with 212 additions and 88 deletions
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -15,6 +15,8 @@ use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Hmac\Sha256;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;

 class AppServiceProvider extends ServiceProvider
 {
@ -91,6 +93,15 @@ class AppServiceProvider extends ServiceProvider

            return $config;
        });
+
+        // Configure HtmlSanitizer
+        $this->app->bind(HtmlSanitizer::class, function () {
+            return new HtmlSanitizer(
+                (new HtmlSanitizerConfig())
+                    ->allowSafeElements()
+                    ->forceAttribute('a', 'rel', 'noopener nofollow')
+            );
+        });
    }

    /**
--- a/app/Traits/FilterHtml.php
+++ b/app/Traits/FilterHtml.php
@ -4,21 +4,13 @@ declare(strict_types=1);

 namespace App\Traits;

-use HtmlSanitizer\Sanitizer;
+use Illuminate\Support\Facades\App;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizer;

 trait FilterHtml
 {
    public function filterHtml(string $html): string
    {
-        return Sanitizer::create([
-            'extensions' => [
-                'basic',
-                'code',
-                'image',
-                'list',
-                'table',
-                'extra',
-            ],
-        ])->sanitize($html);
+        return App::make(HtmlSanitizer::class)->sanitize($html);
    }
 }