Bugfix
parent
3d2310f731
commit
ee922a8656
|
@ -14,6 +14,7 @@ use Auth;
|
|||
use DB;
|
||||
use ZipArchive;
|
||||
use File;
|
||||
use DOMDocument;
|
||||
|
||||
use App\Models\User;
|
||||
use App\Models\Button;
|
||||
|
@ -720,8 +721,34 @@ class UserController extends Controller
|
|||
|
||||
$profilePhoto = $request->file('image');
|
||||
$pageName = $request->littlelink_name;
|
||||
$pageDescription = strip_tags($request->pageDescription,'<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
||||
$pageDescription = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $pageDescription);
|
||||
$pageDescription = $request->pageDescription;
|
||||
|
||||
// Strip HTML tags except for allowed tags
|
||||
$pageDescription = strip_tags($pageDescription, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
|
||||
|
||||
// Sanitize attributes and remove JavaScript code
|
||||
if (!empty($pageDescription)) {
|
||||
$document = new DOMDocument();
|
||||
$document->loadHTML($pageDescription, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
|
||||
|
||||
// Find all elements that have attributes
|
||||
$elements = $document->getElementsByTagName('*');
|
||||
foreach ($elements as $element) {
|
||||
// Check each attribute of the element
|
||||
foreach ($element->attributes as $attribute) {
|
||||
$attributeName = $attribute->nodeName;
|
||||
|
||||
// Remove attributes that contain "on" followed by an event name
|
||||
if (strpos($attributeName, 'on') === 0) {
|
||||
$element->removeAttribute($attributeName);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Get the sanitized HTML back
|
||||
$pageDescription = $document->saveHTML();
|
||||
}
|
||||
|
||||
$name = $request->name;
|
||||
$checkmark = $request->checkmark;
|
||||
$sharebtn = $request->sharebtn;
|
||||
|
|
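Review bot: The attribute pass in the new DOMDocument loop is a blocklist: it drops only names starting with `on`, so an `<a href>` carrying a `javascript:` URL, and every other attribute, is still saved into `$pageDescription`. Removing from `$element->attributes` while iterating it can also skip the following attribute, so a second handler on the same element may survive; iterate over `iterator_to_array($element->attributes)` instead. The `rel="noopener noreferrer nofollow"` rewrite on links appears to have been dropped along with the old `preg_replace` line. The fence sketches an allowlist version of the loop (only `href` on `<a>`, restricted to http(s) and mailto, with `rel` re-applied); widen the scheme list if relative links are needed. The enclosing controller method starts and ends outside the hunk.

```php
// … unchanged: strip_tags() call, DOMDocument construction and loadHTML() …
foreach ($document->getElementsByTagName('*') as $element) {
    // Snapshot the live attribute map so removals cannot skip entries.
    foreach (iterator_to_array($element->attributes) as $attribute) {
        $attributeName = strtolower($attribute->nodeName);
        $isLinkTarget = $element->nodeName === 'a' && $attributeName === 'href';

        // Allowlist: keep only href on <a>, and only with an expected scheme.
        if (!$isLinkTarget || !preg_match('#^(?:https?://|mailto:)#i', trim($attribute->nodeValue))) {
            $element->removeAttribute($attribute->nodeName);
        }
    }

    // Re-apply the link hardening the previous implementation added.
    if ($element->nodeName === 'a') {
        $element->setAttribute('rel', 'noopener noreferrer nofollow');
    }
}
// … unchanged: saveHTML() back into $pageDescription …
```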