Consider introducing ezyang/htmlpurifier, which is also used in the 4.x series. It officially supports PHP 5.6 and later, but judging from the code it looks like it would work on PHP 5.4 and later.
It looks like this can be handled by applying htmlpurifier in modifier.script_escape.php.
With a patch like the following, it looks like patterns other than the ones handled so far could also be covered.
diff --git a/data/smarty_extends/modifier.script_escape.php b/data/smarty_extends/modifier.script_escape.php index 99885cd382..3d14551bb1 100644 --- a/data/smarty_extends/modifier.script_escape.php +++ b/data/smarty_extends/modifier.script_escape.php @@ -1,4 +1,5 @@ <?php +require_once __DIR__ . '/../vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php'; /** * Scriptタグをエスケープする * @@ -50,5 +51,10 @@ function smarty_modifier_script_escape($value) $value = preg_replace($pattern, $convert, $value); } - return $value; + // 念のために HTMLPurifier でサニタイズ + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.SerializerPath', __DIR__ . '/../cache'); + $purify = new HTMLPurifier($config); + + return $purify->purify($value ?? ''); }
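Review bot: `return $purify->purify($value ?? '');` in the second hunk uses the null coalescing operator, which only exists from PHP 7.0, so this patch contradicts the stated goal of keeping the modifier working on PHP 5.4; use `isset($value) ? $value : ''` (or cast with `(string) $value`) instead. Two further points in the same hunk: `HTMLPurifier_Config::createDefault()` and `new HTMLPurifier($config)` are executed on every modifier invocation, so the config and purifier should be built once (for example in a `static` variable inside the function) rather than per call, and `Cache.SerializerPath` pointing at `__DIR__ . '/../cache'` requires that directory to exist and be writable by the web server, otherwise HTMLPurifier will emit warnings on each request. Finally, the function's docblock still says it escapes script tags, but `purify()` strips every tag and attribute not on HTMLPurifier's default whitelist, so the comment and the issue should document that the modifier's output now changes for any non-script markup as well.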