mirror of https://github.com/flarum/framework.git synced 2025-02-24 11:11:11 +08:00

Go to file

Toby Zerner 6cf1dbe648 Add HTMLPurifier after formatters are run.

After a morning of searching, it seems there is no PHP Markdown library
that has built-in XSS/sanitization support. The recommended solution is
to use HTMLPurifier.

This actually works out OK, though, as it’s probably a good idea to
enforce sanitization regardless of which formatters are enabled, and to
not leave them with the responsibility of sanitization (it’s a big
responsibility). Since we cache rendered posts, the slow speed of
HTMLPurifier isn’t a concern.

Note that HTMLPurifier requires a file to be loaded by Composer, but
Studio does not yet support this, so for now I have included it
manually.

2015-06-02 11:36:25 +09:30

Use icon instead in composer title when replying to another thread

2015-06-01 17:55:05 +09:30

less

Make user activity posts more compact

2015-06-01 17:55:13 +09:30

migrations

Improvements to change/forgot password

2015-05-27 16:25:44 +09:30

public/fonts

Don't ignore FontAwesome fonts

2015-03-30 15:50:36 +10:30