diff --git a/composer.json b/composer.json
index 0ab0a7043..8bf17a5f5 100755
--- a/composer.json
+++ b/composer.json
@@ -8,16 +8,17 @@
 "php": ">=7.2.5",
 "doctrine/dbal": "^2.9",
 "fideloper/proxy": "^4.2",
+ "guzzlehttp/guzzle": "^6.3",
 "lab404/laravel-impersonate": "1.6.0",
 "laravel/cashier": "^11.0",
- "guzzlehttp/guzzle": "^6.3",
 "laravel/framework": "^7.0",
 "laravel/passport": "^9.1.0",
 "laravel/tinker": "^2.0",
- "maatwebsite/excel": "^3.1",
 "laravel/ui": "2.0.3",
+ "maatwebsite/excel": "^3.1",
 "mavinoo/laravel-batch": "2.1.9",
- "renatomarinho/laravel-page-speed": "^1.8"
+ "renatomarinho/laravel-page-speed": "^1.8",
+ "stevebauman/purify": "^4.0"
 },
 "require-dev": {
 "facade/ignition": "^2.0",
diff --git a/composer.lock b/composer.lock
index 2ba4816c3..ceebdfe65 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "1479522b5635249a9c292e603d97f063",
+ "content-hash": "61903a45b1cf4a92bde4ba68df7a848d",
 "packages": [
 {
 "name": "brick/math",
@@ -791,6 +791,60 @@
 ],
 "time": "2020-12-29T14:50:06+00:00"
 },
+ {
+ "name": "ezyang/htmlpurifier",
+ "version": "v4.13.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/ezyang/htmlpurifier.git",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.2"
+ },
+ "require-dev": {
+ "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-0": {
+ "HTMLPurifier": "library/"
+ },
+ "files": [
+ "library/HTMLPurifier.composer.php"
+ ],
+ "exclude-from-classmap": [
+ "/library/HTMLPurifier/Language/"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "LGPL-2.1-or-later"
+ ],
+ "authors": [
+ {
+ "name": "Edward Z. Yang",
+ "email": "admin@htmlpurifier.org",
+ "homepage": "http://ezyang.com"
+ }
+ ],
+ "description": "Standards compliant HTML filter written in PHP",
+ "homepage": "http://htmlpurifier.org/",
+ "keywords": [
+ "html"
+ ],
+ "support": {
+ "issues": "https://github.com/ezyang/htmlpurifier/issues",
+ "source": "https://github.com/ezyang/htmlpurifier/tree/master"
+ },
+ "time": "2020-06-29T00:56:53+00:00"
+ },
 {
 "name": "fideloper/proxy",
 "version": "4.4.0",
@@ -4106,6 +4160,71 @@
 ],
 "time": "2020-06-01T09:10:00+00:00"
 },
+ {
+ "name": "stevebauman/purify",
+ "version": "v4.0.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/stevebauman/purify.git",
+ "reference": "823ad75e35f94139ca99701dcbdab9851ad52105"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/stevebauman/purify/zipball/823ad75e35f94139ca99701dcbdab9851ad52105",
+ "reference": "823ad75e35f94139ca99701dcbdab9851ad52105",
+ "shasum": ""
+ },
+ "require": {
+ "ezyang/htmlpurifier": "^4.9.0",
+ "illuminate/support": "~5.5|~6.0|~7.0|~8.0",
+ "php": ">=7.1"
+ },
+ "require-dev": {
+ "orchestra/testbench": "~3.7",
+ "phpunit/phpunit": "~7.0"
+ },
+ "type": "library",
+ "extra": {
+ "laravel": {
+ "providers": [
+ "Stevebauman\\Purify\\PurifyServiceProvider"
+ ],
+ "aliases": {
+ "Purify": "Stevebauman\\Purify\\Facades\\Purify"
+ }
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Stevebauman\\Purify\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Steve Bauman",
+ "email": "steven_bauman@outlook.com"
+ }
+ ],
+ "description": "An HTML Purifier / Sanitizer for Laravel",
+ "keywords": [
+ "Purifier",
+ "clean",
+ "cleaner",
+ "html",
+ "laravel",
+ "purification",
+ "purify"
+ ],
+ "support": {
+ "issues": "https://github.com/stevebauman/purify/issues",
+ "source": "https://github.com/stevebauman/purify/tree/v4.0.0"
+ },
+ "time": "2021-01-07T22:44:04+00:00"
+ },
 {
 "name": "stripe/stripe-php",
 "version": "v7.43.0",
@@ -9825,5 +9944,5 @@
 "php": ">=7.2.5"
 },
 "platform-dev": [],
- "plugin-api-version": "1.1.0"
+ "plugin-api-version": "2.0.0"
 }
diff --git a/config/purify.php b/config/purify.php
new file mode 100644
index 000000000..2089d15ca
--- /dev/null
+++ b/config/purify.php
@@ -0,0 +1,135 @@
+ [
+
+ /*
+ |--------------------------------------------------------------------------
+ | Core.Encoding
+ |--------------------------------------------------------------------------
+ |
+ | The encoding to convert input to.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#Core.Encoding
+ |
+ */
+
+ 'Core.Encoding' => 'utf-8',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Core.SerializerPath
+ |--------------------------------------------------------------------------
+ |
+ | The HTML purifier serializer cache path.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath
+ |
+ */
+
+ 'Cache.SerializerPath' => storage_path('app/purify'),
+
+ /*
+ |--------------------------------------------------------------------------
+ | HTML.Doctype
+ |--------------------------------------------------------------------------
+ |
+ | Doctype to use during filtering.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Doctype
+ |
+ */
+
+ 'HTML.Doctype' => 'XHTML 1.0 Strict',
+
+ /*
+ |--------------------------------------------------------------------------
+ | HTML.Allowed
+ |--------------------------------------------------------------------------
+ |
+ | The allowed HTML Elements with their allowed attributes.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed
+ |
+ */
+
+ 'HTML.Allowed' => 'h1,h2,h3,h4,h5,h6,b,strong,i,em,a[href|title],ul,ol,li,p[style],br,span,img[width|height|alt|src]',
+
+ /*
+ |--------------------------------------------------------------------------
+ | HTML.ForbiddenElements
+ |--------------------------------------------------------------------------
+ |
+ | The forbidden HTML elements. Elements that are listed in
+ | this string will be removed, however their content will remain.
+ |
+ | For example if 'p' is inside the string, the string: '
Test
',
+ |
+ | Will be cleaned to: 'Test'
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#HTML.ForbiddenElements
+ |
+ */
+
+ 'HTML.ForbiddenElements' => '',
+
+ /*
+ |--------------------------------------------------------------------------
+ | CSS.AllowedProperties
+ |--------------------------------------------------------------------------
+ |
+ | The Allowed CSS properties.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#CSS.AllowedProperties
+ |
+ */
+
+ 'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
+
+ /*
+ |--------------------------------------------------------------------------
+ | AutoFormat.AutoParagraph
+ |--------------------------------------------------------------------------
+ |
+ | The Allowed CSS properties.
+ |
+ | This directive turns on auto-paragraphing, where double
+ | newlines are converted in to paragraphs whenever possible.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.AutoParagraph
+ |
+ */
+
+ 'AutoFormat.AutoParagraph' => false,
+
+ /*
+ |--------------------------------------------------------------------------
+ | AutoFormat.RemoveEmpty
+ |--------------------------------------------------------------------------
+ |
+ | When enabled, HTML Purifier will attempt to remove empty
+ | elements that contribute no semantic information to the document.
+ |
+ | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.RemoveEmpty
+ |
+ */
+
+ 'AutoFormat.RemoveEmpty' => false,
+
+ ],
+
+];
diff --git a/resources/views/message/all.blade.php b/resources/views/message/all.blade.php
index a8ed7093e..b0946d61c 100755
--- a/resources/views/message/all.blade.php
+++ b/resources/views/message/all.blade.php
@@ -57,7 +57,7 @@
 @else
 @lang('Seen')
 @endif
-{!!$message->message!!}
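Review bot: `HTML.Allowed` admits `a[href|title]` and `img[width|height|alt|src]` with no link or URI hardening, so every anchor and remote image in a message body reaches readers with whatever scheme the purifier's default `URI.AllowedSchemes` list permits and without `rel="nofollow"`; consider adding `'HTML.Nofollow' => true,`, `'HTML.TargetBlank' => true,` and `'URI.AllowedSchemes' => ['http' => true, 'https' => true, 'mailto' => true],` to the same array (or `'URI.DisableExternal' => true,` if readers should not fetch third-party images at all). `'Cache.SerializerPath' => storage_path('app/purify')` needs that directory to exist and be writable by the web-server user, otherwise the purifier cannot persist its definition cache and, if memory serves, emits a warning on every request — add the directory to the deploy steps. The header comment over `'AutoFormat.AutoParagraph'` still starts with `The Allowed CSS properties.`, copied from the `CSS.AllowedProperties` block; drop that line. The hunk header promises 135 lines but the visible text opens with a bare `[`, so the `<?php` / `return [` prelude and the key that encloses these settings were presumably lost in rendering rather than in the commit; worth confirming the committed file has them.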
+{!!Purify::clean($message->message)!!}