mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-21 03:09:38 +03:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1db1083064 | ||
|
|
664eb6d980 | ||
|
|
80204518a2 | ||
|
|
7528bc19b7 | ||
|
|
6854687d7c | ||
|
|
a8d96fd389 | ||
|
|
9d15c79fee | ||
|
|
ad540a015f | ||
|
|
f54f507854 | ||
|
|
e1de1f0583 | ||
|
|
a2017ffa55 |
@@ -22,8 +22,13 @@ class ConfiguredHtmlPurifier
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
// This is done by the web-server at run-time, with the existing
|
||||
// storage/framework/cache folder to ensure we're using a server-writable folder.
|
||||
$cachePath = storage_path('framework/cache/purifier');
|
||||
$this->createCacheFolderIfNeeded($cachePath);
|
||||
|
||||
$config = HTMLPurifier_HTML5Config::createDefault();
|
||||
$this->setConfig($config);
|
||||
$this->setConfig($config, $cachePath);
|
||||
$this->resetCacheIfNeeded($config);
|
||||
|
||||
$htmlDef = $config->getDefinition('HTML', true, true);
|
||||
@@ -34,6 +39,13 @@ class ConfiguredHtmlPurifier
|
||||
$this->purifier = new HTMLPurifier($config);
|
||||
}
|
||||
|
||||
protected function createCacheFolderIfNeeded(string $cachePath): void
|
||||
{
|
||||
if (!file_exists($cachePath)) {
|
||||
mkdir($cachePath, 0777, true);
|
||||
}
|
||||
}
|
||||
|
||||
protected function resetCacheIfNeeded(HTMLPurifier_Config $config): void
|
||||
{
|
||||
if (self::$cachedChecked) {
|
||||
@@ -53,9 +65,9 @@ class ConfiguredHtmlPurifier
|
||||
self::$cachedChecked = true;
|
||||
}
|
||||
|
||||
protected function setConfig(HTMLPurifier_Config $config): void
|
||||
protected function setConfig(HTMLPurifier_Config $config, string $cachePath): void
|
||||
{
|
||||
$config->set('Cache.SerializerPath', storage_path('framework/purifier'));
|
||||
$config->set('Cache.SerializerPath', $cachePath);
|
||||
$config->set('Core.AllowHostnameUnderscore', true);
|
||||
$config->set('CSS.AllowTricky', true);
|
||||
$config->set('HTML.SafeIframe', true);
|
||||
@@ -122,6 +134,13 @@ class ConfiguredHtmlPurifier
|
||||
'value' => 'Text',
|
||||
]
|
||||
);
|
||||
|
||||
// Allow the drawio-diagram attribute on div elements
|
||||
$definition->addAttribute(
|
||||
'div',
|
||||
'drawio-diagram',
|
||||
'Number',
|
||||
);
|
||||
}
|
||||
|
||||
public function purify(string $html): string
|
||||
|
||||
@@ -103,7 +103,13 @@ class HtmlDocument
|
||||
*/
|
||||
public function getBody(): DOMNode
|
||||
{
|
||||
return $this->document->getElementsByTagName('body')[0];
|
||||
$bodies = $this->document->getElementsByTagName('body');
|
||||
|
||||
if ($bodies->length === 0) {
|
||||
return new DOMElement('body', '');
|
||||
}
|
||||
|
||||
return $bodies[0];
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
54
composer.lock
generated
54
composer.lock
generated
@@ -62,16 +62,16 @@
|
||||
},
|
||||
{
|
||||
"name": "aws/aws-sdk-php",
|
||||
"version": "3.369.35",
|
||||
"version": "3.369.36",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/aws/aws-sdk-php.git",
|
||||
"reference": "0f3e296342fe965271b5dd0bded4a18bdab8aba5"
|
||||
"reference": "2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/0f3e296342fe965271b5dd0bded4a18bdab8aba5",
|
||||
"reference": "0f3e296342fe965271b5dd0bded4a18bdab8aba5",
|
||||
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0",
|
||||
"reference": "2a69e7df5e03be9e08f9f73fb6a8cc9dd63b59c0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -153,9 +153,9 @@
|
||||
"support": {
|
||||
"forum": "https://github.com/aws/aws-sdk-php/discussions",
|
||||
"issues": "https://github.com/aws/aws-sdk-php/issues",
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.35"
|
||||
"source": "https://github.com/aws/aws-sdk-php/tree/3.369.36"
|
||||
},
|
||||
"time": "2026-02-16T19:15:41+00:00"
|
||||
"time": "2026-02-17T19:45:01+00:00"
|
||||
},
|
||||
{
|
||||
"name": "bacon/bacon-qr-code",
|
||||
@@ -1800,16 +1800,16 @@
|
||||
},
|
||||
{
|
||||
"name": "laravel/framework",
|
||||
"version": "v12.51.0",
|
||||
"version": "v12.52.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/laravel/framework.git",
|
||||
"reference": "ce4de3feb211e47c4f959d309ccf8a2733b1bc16"
|
||||
"reference": "d5511fa74f4608dbb99864198b1954042aa8d5a7"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/ce4de3feb211e47c4f959d309ccf8a2733b1bc16",
|
||||
"reference": "ce4de3feb211e47c4f959d309ccf8a2733b1bc16",
|
||||
"url": "https://api.github.com/repos/laravel/framework/zipball/d5511fa74f4608dbb99864198b1954042aa8d5a7",
|
||||
"reference": "d5511fa74f4608dbb99864198b1954042aa8d5a7",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -2018,7 +2018,7 @@
|
||||
"issues": "https://github.com/laravel/framework/issues",
|
||||
"source": "https://github.com/laravel/framework"
|
||||
},
|
||||
"time": "2026-02-10T18:20:19+00:00"
|
||||
"time": "2026-02-17T17:07:04+00:00"
|
||||
},
|
||||
{
|
||||
"name": "laravel/prompts",
|
||||
@@ -8946,36 +8946,36 @@
|
||||
},
|
||||
{
|
||||
"name": "nunomaduro/collision",
|
||||
"version": "v8.9.0",
|
||||
"version": "v8.9.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nunomaduro/collision.git",
|
||||
"reference": "f52cab234f37641bd759c0ad56de17f632851419"
|
||||
"reference": "a1ed3fa530fd60bc515f9303e8520fcb7d4bd935"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/f52cab234f37641bd759c0ad56de17f632851419",
|
||||
"reference": "f52cab234f37641bd759c0ad56de17f632851419",
|
||||
"url": "https://api.github.com/repos/nunomaduro/collision/zipball/a1ed3fa530fd60bc515f9303e8520fcb7d4bd935",
|
||||
"reference": "a1ed3fa530fd60bc515f9303e8520fcb7d4bd935",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"filp/whoops": "^2.18.4",
|
||||
"nunomaduro/termwind": "^2.3.3",
|
||||
"nunomaduro/termwind": "^2.4.0",
|
||||
"php": "^8.2.0",
|
||||
"symfony/console": "^7.4.4 || ^8.0.4"
|
||||
},
|
||||
"conflict": {
|
||||
"laravel/framework": "<11.48.0 || >=14.0.0",
|
||||
"phpunit/phpunit": "<11.5.50 || >=13.0.0"
|
||||
"phpunit/phpunit": "<11.5.50 || >=14.0.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"brianium/paratest": "^7.8.5",
|
||||
"larastan/larastan": "^3.9.2",
|
||||
"laravel/framework": "^11.48.0 || ^12.51.0",
|
||||
"laravel/framework": "^11.48.0 || ^12.52.0",
|
||||
"laravel/pint": "^1.27.1",
|
||||
"orchestra/testbench-core": "^9.12.0 || ^10.9.0",
|
||||
"pestphp/pest": "^3.8.5 || ^4.3.2",
|
||||
"sebastian/environment": "^7.2.1 || ^8.0.3"
|
||||
"pestphp/pest": "^3.8.5 || ^4.4.1 || ^5.0.0",
|
||||
"sebastian/environment": "^7.2.1 || ^8.0.3 || ^9.0.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
@@ -9038,7 +9038,7 @@
|
||||
"type": "patreon"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-16T23:05:52+00:00"
|
||||
"time": "2026-02-17T17:33:08+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phar-io/manifest",
|
||||
@@ -9560,16 +9560,16 @@
|
||||
},
|
||||
{
|
||||
"name": "phpunit/phpunit",
|
||||
"version": "11.5.53",
|
||||
"version": "11.5.55",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/phpunit.git",
|
||||
"reference": "a997a653a82845f1240d73ee73a8a4e97e4b0607"
|
||||
"reference": "adc7262fccc12de2b30f12a8aa0b33775d814f00"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a997a653a82845f1240d73ee73a8a4e97e4b0607",
|
||||
"reference": "a997a653a82845f1240d73ee73a8a4e97e4b0607",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/adc7262fccc12de2b30f12a8aa0b33775d814f00",
|
||||
"reference": "adc7262fccc12de2b30f12a8aa0b33775d814f00",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@@ -9642,7 +9642,7 @@
|
||||
"support": {
|
||||
"issues": "https://github.com/sebastianbergmann/phpunit/issues",
|
||||
"security": "https://github.com/sebastianbergmann/phpunit/security/policy",
|
||||
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.53"
|
||||
"source": "https://github.com/sebastianbergmann/phpunit/tree/11.5.55"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
@@ -9666,7 +9666,7 @@
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-02-10T12:28:25+00:00"
|
||||
"time": "2026-02-18T12:37:06+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/cli-parser",
|
||||
|
||||
@@ -1 +1 @@
|
||||
5732efe93a37a665ec9e526d713293b438e610dcf0c6e950fa7317907e480252
|
||||
8e88c0fe2ea1b1bb500f6cd10cf3fcf04198e2d55fe71f292d091d4faa6eb7f3
|
||||
1
storage/framework/.gitignore
vendored
1
storage/framework/.gitignore
vendored
@@ -7,3 +7,4 @@ routes.php
|
||||
routes.scanned.php
|
||||
schedule-*
|
||||
services.json
|
||||
purifier/
|
||||
|
||||
2
storage/framework/purifier/.gitignore
vendored
2
storage/framework/purifier/.gitignore
vendored
@@ -1,2 +0,0 @@
|
||||
*
|
||||
!.gitignore
|
||||
@@ -463,6 +463,7 @@ HTML;
|
||||
'<div style="position:absolute;left:0;color:#00FFEE;">Hello!</div>' => '<div style="color:#00FFEE;">Hello!</div>',
|
||||
'<div style="background:#FF0000;left:0;color:#00FFEE;">Hello!</div>' => '<div style="background:#FF0000;color:#00FFEE;">Hello!</div>',
|
||||
'<div style="color:#00FFEE;">Hello!<style>testinghello!</style></div>' => '<div style="color:#00FFEE;">Hello!</div>',
|
||||
'<div drawio-diagram="5332" another-attr="cat">Hello!</div>' => '<div drawio-diagram="5332">Hello!</div>',
|
||||
];
|
||||
|
||||
config()->set('app.content_filtering', 'a');
|
||||
|
||||
@@ -282,4 +282,23 @@ class PageEditorTest extends TestCase
|
||||
$resp->assertOk();
|
||||
$resp->assertDontSee('hellotherethisisaturtlemonster', false);
|
||||
}
|
||||
|
||||
public function test_editor_html_filtered_does_not_cause_error_if_empty()
|
||||
{
|
||||
$emptyExamples = ['', '<p></p>', '<p> </p>', ' ', "\n"];
|
||||
$editor = $this->users->editor();
|
||||
$page = $this->entities->page();
|
||||
$page->updated_by = $editor->id;
|
||||
|
||||
foreach ($emptyExamples as $emptyExample) {
|
||||
$page->html = $emptyExample;
|
||||
$page->save();
|
||||
|
||||
$resp = $this->asAdmin()->get($page->getUrl('edit'));
|
||||
$resp->assertOk();
|
||||
|
||||
$resp = $this->asAdmin()->get("/ajax/page/{$page->id}");
|
||||
$resp->assertOk();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user