default modifiers に HTMLPurifier を適用する
nanasess committed Nov 22, 2024
1 parent 9f29fb7 commit f942d2b
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion data/smarty_extends/modifier.script_escape.php
@@ -1,4 +1,5 @@
<?php
require_once __DIR__ . '/../vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php';
/**
* Scriptタグをエスケープする
*
@@ -50,5 +51,10 @@ function smarty_modifier_script_escape($value)
$value = preg_replace($pattern, $convert, $value);
}

return $value;
// 念のために HTMLPurifier でサニタイズ
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.SerializerPath', __DIR__ . '/../cache');
$purify = new HTMLPurifier($config);

return $purify->purify($value ?? '');
}
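Review bot: A new `HTMLPurifier_Config` and `HTMLPurifier` are constructed on every call of `smarty_modifier_script_escape`, and if this runs as a default modifier (as the commit title suggests) that setup is repeated for each template variable; holding one instance in a `static` local avoids it, as in the fence below. `Cache.SerializerPath` is set to `__DIR__ . '/../cache'` without checking that the directory exists and is writable, and HTMLPurifier reports a warning in that case, so the path should be verified at install time and kept out of the web root. `$value ?? ''` only covers null; the start of the function is outside the hunk, so it is worth confirming that arrays or other non-strings cannot reach `purify()`. HTMLPurifier's output is meant for HTML element content, so values printed into attributes, URLs or script blocks still need context-specific escaping in the templates.

```php
    // … unchanged: preg_replace loop …

    // Build the purifier once per request; this modifier may run for every template variable.
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Cache.SerializerPath', __DIR__ . '/../cache');
        $purifier = new HTMLPurifier($config);
    }

    return $purifier->purify($value ?? '');
```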
