fix: corrected HTML sanitizer configuration (#2497)

thorsten · Jun 10, 2023 · 0a904c1 · 0a904c1
1 parent ee7fa51
commit 0a904c1
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
@@ -247,7 +247,18 @@ public function createFaqTranslationLinkList(int $faqId, string $faqLang): strin
      */
     public function cleanUpContent(string $content): string
     {
-        $htmlSanitizer = Sanitizer::create(['extensions' => ['basic']]);
+        $htmlSanitizer = Sanitizer::create(
+            [
+                'extensions' => [
+                    'basic', 'code', 'image', 'list', 'table', 'iframe', 'details', 'extra'
+                ],
+                'tags' => [
+                    'img' => [
+                        'allowed_attributes' => ['src', 'alt', 'title', 'class', 'width', 'height'],
+                    ],
+                ]
+            ]
+        );
 
         return $htmlSanitizer->sanitize($content);
     }