dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat: Purify for better sanitization

Browse Source
This commit is contained in:
peaklabs-dev
2025-01-07 13:47:16 +01:00
parent 70f93b1513
commit 8a80401f15
4 changed files with 245 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@@ -47,6 +47,7 @@
"spatie/laravel-ray": "^1.37", "spatie/laravel-ray": "^1.37",
"spatie/laravel-schemaless-attributes": "^2.4", "spatie/laravel-schemaless-attributes": "^2.4",
"spatie/url": "^2.2", "spatie/url": "^2.2",
"stevebauman/purify": "^6.2",
"stripe/stripe-php": "^16.2.0", "stripe/stripe-php": "^16.2.0",
"symfony/yaml": "^7.1.6", "symfony/yaml": "^7.1.6",
"visus/cuid2": "^4.1.0", "visus/cuid2": "^4.1.0",

129
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "35041f9af7cbf8626f54891f1ede3622", "content-hash": "aa98760c097f486cac380aa701e4317c",
"packages": [ "packages": [
{ {
"name": "3sidedcube/laravel-redoc", "name": "3sidedcube/laravel-redoc",
@@ -1883,6 +1883,67 @@
], ],
"time": "2024-12-27T00:36:43+00:00" "time": "2024-12-27T00:36:43+00:00"
}, },
{
"name": "ezyang/htmlpurifier",
"version": "v4.18.0",
"source": {
"type": "git",
"url": "https://github.com/ezyang/htmlpurifier.git",
"reference": "cb56001e54359df7ae76dc522d08845dc741621b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/cb56001e54359df7ae76dc522d08845dc741621b",
"reference": "cb56001e54359df7ae76dc522d08845dc741621b",
"shasum": ""
},
"require": {
"php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0"
},
"require-dev": {
"cerdic/css-tidy": "^1.7 || ^2.0",
"simpletest/simpletest": "dev-master"
},
"suggest": {
"cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
"ext-bcmath": "Used for unit conversion and imagecrash protection",
"ext-iconv": "Converts text to and from non-UTF-8 encodings",
"ext-tidy": "Used for pretty-printing HTML"
},
"type": "library",
"autoload": {
"files": [
"library/HTMLPurifier.composer.php"
],
"psr-0": {
"HTMLPurifier": "library/"
},
"exclude-from-classmap": [
"/library/HTMLPurifier/Language/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1-or-later"
],
"authors": [
{
"name": "Edward Z. Yang",
"email": "admin@htmlpurifier.org",
"homepage": "http://ezyang.com"
}
],
"description": "Standards compliant HTML filter written in PHP",
"homepage": "http://htmlpurifier.org/",
"keywords": [
"html"
],
"support": {
"issues": "https://github.com/ezyang/htmlpurifier/issues",
"source": "https://github.com/ezyang/htmlpurifier/tree/v4.18.0"
},
"time": "2024-11-01T03:51:45+00:00"
},
{ {
"name": "firebase/php-jwt", "name": "firebase/php-jwt",
"version": "v6.10.2", "version": "v6.10.2",
@@ -8330,6 +8391,72 @@
], ],
"time": "2024-03-08T11:35:19+00:00" "time": "2024-03-08T11:35:19+00:00"
}, },
{
"name": "stevebauman/purify",
"version": "v6.2.2",
"source": {
"type": "git",
"url": "https://github.com/stevebauman/purify.git",
"reference": "a449299a3d5f5f8ef177e626721b3f69143890a4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/stevebauman/purify/zipball/a449299a3d5f5f8ef177e626721b3f69143890a4",
"reference": "a449299a3d5f5f8ef177e626721b3f69143890a4",
"shasum": ""
},
"require": {
"ezyang/htmlpurifier": "^4.17",
"illuminate/contracts": "^7.0|^8.0|^9.0|^10.0|^11.0",
"illuminate/support": "^7.0|^8.0|^9.0|^10.0|^11.0",
"php": ">=7.4"
},
"require-dev": {
"orchestra/testbench": "^5.0|^6.0|^7.0|^8.0|^9.0",
"phpunit/phpunit": "^8.0|^9.0|^10.0"
},
"type": "library",
"extra": {
"laravel": {
"aliases": {
"Purify": "Stevebauman\\Purify\\Facades\\Purify"
},
"providers": [
"Stevebauman\\Purify\\PurifyServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"Stevebauman\\Purify\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Bauman",
"email": "steven_bauman@outlook.com"
}
],
"description": "An HTML Purifier / Sanitizer for Laravel",
"keywords": [
"Purifier",
"clean",
"cleaner",
"html",
"laravel",
"purification",
"purify"
],
"support": {
"issues": "https://github.com/stevebauman/purify/issues",
"source": "https://github.com/stevebauman/purify/tree/v6.2.2"
},
"time": "2024-09-24T12:27:10+00:00"
},
{ {
"name": "stripe/stripe-php", "name": "stripe/stripe-php",
"version": "v16.4.0", "version": "v16.4.0",

115
config/purify.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
use Stevebauman\Purify\Definitions\Html5Definition;
return [
/*
|--------------------------------------------------------------------------
| Default Config
|--------------------------------------------------------------------------
|
| This option defines the default config that is provided to HTMLPurifier.
|
*/
'default' => 'default',
/*
|--------------------------------------------------------------------------
| Config sets
|--------------------------------------------------------------------------
|
| Here you may configure various sets of configuration for differentiated use of HTMLPurifier.
| A specific set of configuration can be applied by calling the "config($name)" method on
| a Purify instance. Feel free to add/remove/customize these attributes as you wish.
|
| Documentation: http://htmlpurifier.org/live/configdoc/plain.html
|
| Core.Encoding The encoding to convert input to.
| HTML.Doctype Doctype to use during filtering.
| HTML.Allowed The allowed HTML Elements with their allowed attributes.
| HTML.ForbiddenElements The forbidden HTML elements. Elements that are listed in this
| string will be removed, however their content will remain.
| CSS.AllowedProperties The Allowed CSS properties.
| AutoFormat.AutoParagraph Newlines are converted in to paragraphs whenever possible.
| AutoFormat.RemoveEmpty Remove empty elements that contribute no semantic information to the document.
|
*/
'configs' => [
'default' => [
'Core.Encoding' => 'utf-8',
'HTML.Doctype' => 'HTML 4.01 Transitional',
'HTML.Allowed' => 'h1,h2,h3,h4,h5,h6,b,u,strong,i,em,s,del,a[href|title],ul,ol,li,p[style],br,span,img[width|height|alt|src],blockquote',
'HTML.ForbiddenElements' => '',
'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
'AutoFormat.AutoParagraph' => false,
'AutoFormat.RemoveEmpty' => false,
],
],
/*
|--------------------------------------------------------------------------
| HTMLPurifier definitions
|--------------------------------------------------------------------------
|
| Here you may specify a class that augments the HTML definitions used by
| HTMLPurifier. Additional HTML5 definitions are provided out of the box.
| When specifying a custom class, make sure it implements the interface:
|
| \Stevebauman\Purify\Definitions\Definition
|
| Note that these definitions are applied to every Purifier instance.
|
| Documentation: http://htmlpurifier.org/docs/enduser-customize.html
|
*/
'definitions' => Html5Definition::class,
/*
|--------------------------------------------------------------------------
| HTMLPurifier CSS definitions
|--------------------------------------------------------------------------
|
| Here you may specify a class that augments the CSS definitions used by
| HTMLPurifier. When specifying a custom class, make sure it implements
| the interface:
|
| \Stevebauman\Purify\Definitions\CssDefinition
|
| Note that these definitions are applied to every Purifier instance.
|
| CSS should be extending $definition->info['css-attribute'] = values
| See HTMLPurifier_CSSDefinition for further explanation
|
*/
'css-definitions' => null,
/*
|--------------------------------------------------------------------------
| Serializer
|--------------------------------------------------------------------------
|
| The storage implementation where HTMLPurifier can store its serializer files.
| If the filesystem cache is in use, the path must be writable through the
| storage disk by the web server, otherwise an exception will be thrown.
|
*/
'serializer' => [
'driver' => env('CACHE_STORE', env('CACHE_DRIVER', 'file')),
'cache' => \Stevebauman\Purify\Cache\CacheDefinitionCache::class,
],
// 'serializer' => [
// 'disk' => env('FILESYSTEM_DISK', 'local'),
// 'path' => 'purify',
// 'cache' => \Stevebauman\Purify\Cache\FilesystemDefinitionCache::class,
// ],
];

2
resources/views/errors/500.blade.php
View File

@@ -6,7 +6,7 @@
<p class="mt-2 text-lg leading-7 text-neutral-300">There has been an error with the following error message:</p> <p class="mt-2 text-lg leading-7 text-neutral-300">There has been an error with the following error message:</p>
@if ($exception->getMessage() !== '') @if ($exception->getMessage() !== '')
<div class="mt-6 text-sm text-red-500"> <div class="mt-6 text-sm text-red-500">
{!! Str::sanitize($exception->getMessage()) !!} {!! Purify::clean($exception->getMessage()) !!}
</div> </div>
@endif @endif
<div class="flex items-center mt-10 gap-6"> <div class="flex items-center mt-10 gap-6">