framework

mirror of https://github.com/flarum/framework.git synced 2024-12-13 07:03:35 +08:00

Simple forum software for building great communities.

community flarum forum hacktoberfest javascript laravel php

Go to file

Toby Zerner c42627b46d Add HTMLPurifier after formatters are run. After a morning of searching, it seems there is no PHP Markdown library that has built-in XSS/sanitization support. The recommended solution is to use HTMLPurifier. This actually works out OK, though, as it’s probably a good idea to enforce sanitization regardless of which formatters are enabled, and to not leave them with the responsibility of sanitization (it’s a big responsibility). Since we cache rendered posts, the slow speed of HTMLPurifier isn’t a concern. Note that HTMLPurifier requires a file to be loaded by Composer, but Studio does not yet support this, so for now I have included it manually.	2015-06-02 11:36:25 +09:30
framework/core	Add HTMLPurifier after formatters are run.	2015-06-02 11:36:25 +09:30

Toby Zerner c42627b46d Add HTMLPurifier after formatters are run.

After a morning of searching, it seems there is no PHP Markdown library
that has built-in XSS/sanitization support. The recommended solution is
to use HTMLPurifier.

This actually works out OK, though, as it’s probably a good idea to
enforce sanitization regardless of which formatters are enabled, and to
not leave them with the responsibility of sanitization (it’s a big
responsibility). Since we cache rendered posts, the slow speed of
HTMLPurifier isn’t a concern.

Note that HTMLPurifier requires a file to be loaded by Composer, but
Studio does not yet support this, so for now I have included it
manually.

2015-06-02 11:36:25 +09:30

framework/core

Add HTMLPurifier after formatters are run.

2015-06-02 11:36:25 +09:30