Browse Source

clean up editor HTML when posting to Micropub endpoint

closes #67
pull/82/head
Aaron Parecki 8 years ago
parent
commit
d00c336a55
No known key found for this signature in database GPG Key ID: 276C2817346D6056
  1. 1
      composer.json
  2. 46
      composer.lock
  3. 5
      controllers/editor.php
  4. 47
      lib/helpers.php
  5. 2
      public/editor-files/editor.js
  6. 3
      public/editor-files/style.css

1
composer.json

@ -11,6 +11,7 @@
"firebase/php-jwt": "2.*",
"abraham/twitteroauth": "*",
"andreyco/instagram": "3.*",
"ezyang/htmlpurifier": "4.*",
"p3k/multipart": "*",
"tantek/cassis": "*",
"p3k/timezone": "*"

46
composer.lock

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "4ec77b1fe4974da5d6a392ec0d362858",
"content-hash": "1eb78fb0a7afe487cc3c9dd58d35532e",
"packages": [
{
"name": "abraham/twitteroauth",
@ -143,6 +143,50 @@
"description": "Cleans up microformats2 array structures",
"time": "2014-10-06T23:11:15+00:00"
},
{
"name": "ezyang/htmlpurifier",
"version": "v4.8.0",
"source": {
"type": "git",
"url": "https://github.com/ezyang/htmlpurifier.git",
"reference": "d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2",
"reference": "d0c392f77d2f2a3dcf7fcb79e2a1e2b8804e75b2",
"shasum": ""
},
"require": {
"php": ">=5.2"
},
"type": "library",
"autoload": {
"psr-0": {
"HTMLPurifier": "library/"
},
"files": [
"library/HTMLPurifier.composer.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL"
],
"authors": [
{
"name": "Edward Z. Yang",
"email": "admin@htmlpurifier.org",
"homepage": "http://ezyang.com"
}
],
"description": "Standards compliant HTML filter written in PHP",
"homepage": "http://htmlpurifier.org/",
"keywords": [
"html"
],
"time": "2016-07-16T12:58:58+00:00"
},
{
"name": "firebase/php-jwt",
"version": "v2.2.0",

5
controllers/editor.php

@ -14,8 +14,11 @@ $app->post('/editor/publish', function() use($app) {
$content = $params['body'];
// Clean up the HTML from the editor
$content = sanitize_editor_html($content);
if($user->micropub_optin_html_content) {
$content = ['html' => $params['body']];
$content = ['html' => $content];
}
$micropub_request = array(

47
lib/helpers.php

@ -380,3 +380,50 @@ function correct_photo_rotation($filename) {
$image->writeImage($filename);
}
}
function sanitize_editor_html($html) {
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$config->set('HTML.AllowedElements', [
'a',
'abbr',
'b',
'code',
'del',
'em',
'i',
'img',
'q',
'strike',
'strong',
'blockquote',
'pre',
'p',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'ul',
'li',
'ol'
]);
// Allow data: URIs
$config->set('URI.AllowedSchemes', array('data' => true, 'http' => true, 'https' => true));
// Strip all classes from elements
$config->set('Attr.AllowedClasses', '');
// $def = $config->getHTMLDefinition(true);
$purifier = new HTMLPurifier($config);
$sanitized = $purifier->purify($html);
$sanitized = str_replace("
","\r",$sanitized);
# Remove empty paragraphs
$sanitized = str_replace('<p><br /></p>','',$sanitized);
$sanitized = str_replace('<p></p>','',$sanitized);
return $sanitized;
}

2
public/editor-files/editor.js

@ -25,7 +25,7 @@ $(function() {
}
},
embeds: {
oembedProxy: '/editor/oembed'
oembedProxy: null
}
}
});

3
public/editor-files/style.css

@ -315,3 +315,6 @@ blockquote {
color: #ccc;
}
.medium-insert-action[data-addon=embeds] {
display: none !important;
}
Loading…
Cancel
Save