<?php
/**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
class HTML
{
- public static function sanitizeCSS($input)
- {
- $cleaned = "";
-
- $input = strtolower($input);
-
- for ($i = 0; $i < strlen($input); $i++) {
- $char = substr($input, $i, 1);
-
- if (($char >= "a") && ($char <= "z")) {
- $cleaned .= $char;
- }
-
- if (!(strpos(" #;:0123456789-_.%", $char) === false)) {
- $cleaned .= $char;
- }
- }
-
- return $cleaned;
- }
-
/**
* Search all instances of a specific HTML tag node in the provided DOM document and replaces them with BBCode text nodes.
*
*/
public static function toBBCode($message, $basepath = '')
{
+ DI::profiler()->startRecording('rendering');
$message = str_replace("\r", "", $message);
$message = Strings::performWithEscapedBlocks($message, '#<pre><code.*</code></pre>#iUs', function ($message) {
$message = mb_convert_encoding($message, 'HTML-ENTITIES', "UTF-8");
+ if (empty($message)) {
+ return '';
+ }
+
@$doc->loadHTML($message, LIBXML_HTML_NODEFDTD);
XML::deleteNode($doc, 'style');
$message = str_replace(["\n<", ">\n", "\r", "\n", "\xC3\x82\xC2\xA0"], ["<", ">", "<br />", " ", ""], $message);
$message = preg_replace('= [\s]*=i', " ", $message);
+ if (empty($message)) {
+ return '';
+ }
+
@$doc->loadHTML($message, LIBXML_HTML_NODEFDTD);
self::tagToBBCode($doc, 'html', [], "", "");
self::tagToBBCode($doc, 'video', ['src' => '/(.+)/'], '[video]$1', '[/video]', true);
self::tagToBBCode($doc, 'audio', ['src' => '/(.+)/'], '[audio]$1', '[/audio]', true);
- self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[iframe]$1', '[/iframe]', true);
+ // Backward compatibility, [iframe] support has been removed in version 2020.12
+ self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[url]$1', '[/url]', true);
self::tagToBBCode($doc, 'key', [], '[code]', '[/code]');
self::tagToBBCode($doc, 'code', [], '[code]', '[/code]');
$prefix = '[code=' . $matches[1] . ']';
}
- return $prefix . PHP_EOL . trim($matches[2]) . PHP_EOL . '[/code]';
+ return $prefix . "\n" . html_entity_decode($matches[2]) . "\n" . '[/code]';
},
$message
);
$message = self::qualifyURLs($message, $basepath);
}
+ DI::profiler()->stopRecording();
return $message;
}
*/
public static function toPlaintext(string $html, $wraplength = 75, $compact = false)
{
+ DI::profiler()->startRecording('rendering');
$message = str_replace("\r", "", $html);
$doc = new DOMDocument();
$message = mb_convert_encoding($message, 'HTML-ENTITIES', "UTF-8");
+ if (empty($message)) {
+ DI::profiler()->stopRecording();
+ return '';
+ }
+
@$doc->loadHTML($message, LIBXML_HTML_NODEFDTD);
$message = $doc->saveHTML();
// Collecting all links
$urls = self::collectURLs($message);
+ if (empty($message)) {
+ DI::profiler()->stopRecording();
+ return '';
+ }
+
@$doc->loadHTML($message, LIBXML_HTML_NODEFDTD);
self::tagToBBCode($doc, 'html', [], '', '');
self::tagToBBCode($doc, 'img', ['src' => '/(.+)/'], ' ', ' ');
}
+ // Backward compatibility, [iframe] support has been removed in version 2020.12
self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], ' $1 ', '');
$message = $doc->saveHTML();
$message = self::quoteLevel(trim($message), $wraplength);
+ DI::profiler()->stopRecording();
return trim($message);
}
*/
public static function toMarkdown($html)
{
+ DI::profiler()->startRecording('rendering');
$converter = new HtmlConverter(['hard_break' => true]);
$markdown = $converter->convert($html);
+ DI::profiler()->stopRecording();
return $markdown;
}
return $text;
}
- /**
- * return div element with class 'clear'
- * @return string
- * @deprecated
- */
- public static function clearDiv()
- {
- return '<div class="clear"></div>';
- }
-
/**
* Loader for infinite scrolling
*
]);
}
- /**
- * Get html for contact block.
- *
- * @deprecated since version 2019.03
- * @see ContactBlock::getHTML()
- * @return string
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- * @throws \ImagickException
- */
- public static function contactBlock()
- {
- $a = DI::app();
-
- return ContactBlock::getHTML($a->profile);
- }
-
/**
* Format contacts as picture links or as text links
*
$redir = false;
if ($redirect) {
- $url = Contact::magicLink($contact['url']);
+ $url = Contact::magicLinkByContact($contact);
if (strpos($url, 'redir/') === 0) {
$sparkle = ' sparkle';
}
{
return str_replace('&', '&', $s);
}
+
+ /**
+ * Clean an HTML text for potentially harmful code
+ *
+ * @param string $text
+ * @param array $allowedIframeDomains List of allowed iframe source domains without the scheme
+ * @return string
+ */
+ public static function purify(string $text, array $allowedIframeDomains = []): string
+ {
+ // Allows cid: URL scheme
+ \HTMLPurifier_URISchemeRegistry::instance()->register('cid', new HTMLPurifier_URIScheme_cid());
+
+ $config = \HTMLPurifier_HTML5Config::createDefault();
+ $config->set('HTML.Doctype', 'HTML5');
+
+ // Used to remove iframe with src attribute filtered out
+ $config->set('AutoFormat.RemoveEmpty', true);
+
+ $config->set('HTML.SafeIframe', true);
+
+ array_walk($allowedIframeDomains, function (&$domain) {
+ // Allow the domain and all its eventual sub-domains
+ $domain = '(?:(?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)*' . preg_quote(trim($domain, '/'), '%');
+ });
+
+ $config->set('URI.SafeIframeRegexp',
+ '%^https://(?:
+ ' . implode('|', $allowedIframeDomains) . '
+ )
+ (?:/|$) # Prevents bogus domains like youtube.com.fake.tld
+ %xi'
+ );
+
+ $config->set('Attr.AllowedRel', [
+ 'noreferrer' => true,
+ 'noopener' => true,
+ 'tag' => true,
+ ]);
+ $config->set('Attr.AllowedFrameTargets', [
+ '_blank' => true,
+ ]);
+
+ $config->set('AutoFormat.RemoveEmpty.Predicate', [
+ 'colgroup' => [], // |
+ 'th' => [], // |
+ 'td' => [], // |
+ 'iframe' => ['src'], // ↳ Default HTMLPurify values
+ 'i' => ['class'], // Allows forkawesome icons
+ ]);
+
+ // Uncomment to debug HTMLPurifier behavior
+ //$config->set('Core.CollectErrors', true);
+ //$config->set('Core.MaintainLineNumbers', true);
+
+ $HTMLPurifier = new \HTMLPurifier($config);
+
+ $text = $HTMLPurifier->purify($text);
+
+ /** @var \HTMLPurifier_ErrorCollector $errorCollector */
+ // Uncomment to debug HTML Purifier behavior
+ //$errorCollector = $HTMLPurifier->context->get('ErrorCollector');
+ //var_dump($errorCollector->getRaw());
+
+ return $text;
+ }
}
projects / friendica.git / blobdiff