Laravel HTMLPurifier filters out base64-encoded images

Time: 2018-08-05 17:32:56

Tags: php laravel htmlpurifier

I am using Laravel HTMLPurifier to filter content entered through a ckeditor form.

However, the default configuration filters out images whose src is base64-encoded image content.

I have looked at these links, but the solutions they offer do not work for me:

The main problem with those suggestions is that they apply to the HTMLPurifier package itself, not to the Mews Laravel HTMLPurifier package. A similar situation is described in the question Laravel Mews HTMLPurifier - add custom config.

I have tried this configuration:

    <?php

    return [
        'encoding'      => 'UTF-8',
        'finalize'      => true,
        'cachePath'     => storage_path('app/purifier'),
        'cacheFileMode' => 0755,
        'settings'      => [
            'default' => [
                'HTML.Doctype'             => 'HTML 4.01 Transitional',
                'HTML.Allowed'             => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote',
                'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
                'AutoFormat.AutoParagraph' => true,
                'AutoFormat.RemoveEmpty'   => true,
            ],
            'test' => [
                'Attr.EnableID' => 'true',
            ],
            'URI' => [
                'AllowedSchemes' => [
                    'data' => true,
                ],
            ],
            "youtube" => [
                "HTML.SafeIframe"      => 'true',
                "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
            ],
            'custom_definition' => [
                'id'    => 'html5-definitions',
                'rev'   => 1,
                'debug' => false,
                'elements' => [
                    // http://developers.whatwg.org/sections.html
                    ['section', 'Block', 'Flow', 'Common'],
                    ['nav',     'Block', 'Flow', 'Common'],
                    ['article', 'Block', 'Flow', 'Common'],
                    ['aside',   'Block', 'Flow', 'Common'],
                    ['header',  'Block', 'Flow', 'Common'],
                    ['footer',  'Block', 'Flow', 'Common'],

                    // Content model actually excludes several tags, not modelled here
                    ['address', 'Block', 'Flow', 'Common'],
                    ['hgroup',  'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'],

                    // http://developers.whatwg.org/grouping-content.html
                    ['figure',     'Block',  'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'],
                    ['figcaption', 'Inline', 'Flow', 'Common'],

                    // http://developers.whatwg.org/the-video-element.html#the-video-element
                    ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [
                        'src'      => 'URI',
                        'type'     => 'Text',
                        'width'    => 'Length',
                        'height'   => 'Length',
                        'poster'   => 'URI',
                        'preload'  => 'Enum#auto,metadata,none',
                        'controls' => 'Bool',
                    ]],
                    ['source', 'Block', 'Flow', 'Common', [
                        'src'  => 'URI',
                        'type' => 'Text',
                    ]],

                    // http://developers.whatwg.org/text-level-semantics.html
                    ['s',    'Inline', 'Inline', 'Common'],
                    ['var',  'Inline', 'Inline', 'Common'],
                    ['sub',  'Inline', 'Inline', 'Common'],
                    ['sup',  'Inline', 'Inline', 'Common'],
                    ['mark', 'Inline', 'Inline', 'Common'],
                    ['wbr',  'Inline', 'Empty',  'Core'],

                    // http://developers.whatwg.org/edits.html
                    ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                    ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                ],
                'attributes' => [
                    ['iframe', 'allowfullscreen', 'Bool'],
                    ['table',  'height', 'Text'],
                    ['td',     'border', 'Text'],
                    ['th',     'border', 'Text'],
                    ['tr',     'width',  'Text'],
                    ['tr',     'height', 'Text'],
                    ['tr',     'border', 'Text'],
                ],
            ],
            'custom_attributes' => [
                ['a', 'target', 'Enum#_blank,_self,_target,_top'],
            ],
            'custom_elements' => [
                ['u', 'Inline', 'Inline', 'Common'],
            ],
        ],
    ];

Thanks for your help.

1 answer:

Answer 0 (score: 1)

It turns out the problem was that URI.AllowedSchemes had been placed in the wrong section.

    <?php

    return [
        'encoding'      => 'UTF-8',
        'finalize'      => true,
        'cachePath'     => storage_path('app/purifier'),
        'cacheFileMode' => 0755,
        'settings'      => [
            'default' => [
                'HTML.Doctype'             => 'HTML 4.01 Transitional',
                'HTML.Allowed'             => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote',
                'CSS.AllowedProperties'    => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
                'AutoFormat.AutoParagraph' => true,
                'AutoFormat.RemoveEmpty'   => true,
                'URI.AllowedSchemes'       => [
                    'data' => true,
                ],
            ],
            'test' => [
                'Attr.EnableID' => 'true',
            ],
            "youtube" => [
                "HTML.SafeIframe"      => 'true',
                "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
            ],
            'custom_definition' => [
                'id'    => 'html5-definitions',
                'rev'   => 1,
                'debug' => false,
                'elements' => [
                    // http://developers.whatwg.org/sections.html
                    ['section', 'Block', 'Flow', 'Common'],
                    ['nav',     'Block', 'Flow', 'Common'],
                    ['article', 'Block', 'Flow', 'Common'],
                    ['aside',   'Block', 'Flow', 'Common'],
                    ['header',  'Block', 'Flow', 'Common'],
                    ['footer',  'Block', 'Flow', 'Common'],

                    // Content model actually excludes several tags, not modelled here
                    ['address', 'Block', 'Flow', 'Common'],
                    ['hgroup',  'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'],

                    // http://developers.whatwg.org/grouping-content.html
                    ['figure',     'Block',  'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'],
                    ['figcaption', 'Inline', 'Flow', 'Common'],

                    // http://developers.whatwg.org/the-video-element.html#the-video-element
                    ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [
                        'src'      => 'URI',
                        'type'     => 'Text',
                        'width'    => 'Length',
                        'height'   => 'Length',
                        'poster'   => 'URI',
                        'preload'  => 'Enum#auto,metadata,none',
                        'controls' => 'Bool',
                    ]],
                    ['source', 'Block', 'Flow', 'Common', [
                        'src'  => 'URI',
                        'type' => 'Text',
                    ]],

                    // http://developers.whatwg.org/text-level-semantics.html
                    ['s',    'Inline', 'Inline', 'Common'],
                    ['var',  'Inline', 'Inline', 'Common'],
                    ['sub',  'Inline', 'Inline', 'Common'],
                    ['sup',  'Inline', 'Inline', 'Common'],
                    ['mark', 'Inline', 'Inline', 'Common'],
                    ['wbr',  'Inline', 'Empty',  'Core'],

                    // http://developers.whatwg.org/edits.html
                    ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                    ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                ],
                'attributes' => [
                    ['iframe', 'allowfullscreen', 'Bool'],
                    ['table',  'height', 'Text'],
                    ['td',     'border', 'Text'],
                    ['th',     'border', 'Text'],
                    ['tr',     'width',  'Text'],
                    ['tr',     'height', 'Text'],
                    ['tr',     'border', 'Text'],
                ],
            ],
            'custom_attributes' => [
                ['a', 'target', 'Enum#_blank,_self,_target,_top'],
            ],
            'custom_elements' => [
                ['u', 'Inline', 'Inline', 'Common'],
            ],
        ],
    ];
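The following is an added example, not code from the question, the answer or the mews/purifier package. It drives ezyang/htmlpurifier directly (the library mews/purifier wraps) to show why the placement matters: mews/purifier treats every key under 'settings' as a named profile and passes only the selected profile's key/value pairs to HTMLPurifier_Config::loadArray(), so a sibling key named 'URI' is never loaded into the 'default' profile. It also shows two things a reviewer of the fix will want to know: URI.AllowedSchemes replaces HTMLPurifier's default scheme list rather than adding to it, and HTMLPurifier's data: scheme handler still rejects any data: URI that is not a real GIF, JPEG or PNG image. The sample HTML, the 1x1 PNG and the profile arrays are constructed for this example; it assumes `composer require ezyang/htmlpurifier` and the exif or gd extension, which the data: handler uses to sniff the decoded image bytes.

```php
<?php
// Added example: not code from the question, the answer or mews/purifier.
// Assumes ezyang/htmlpurifier via Composer and the exif or gd extension.
require __DIR__ . '/vendor/autoload.php';

// Constructed sample input: a standard 1x1 transparent PNG, an ordinary https
// link, and a data: URI whose payload is plain text rather than an image.
const PNG_1X1 = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==';
const SAMPLE_HTML = '<p><img src="data:image/png;base64,' . PNG_1X1 . '" alt="dot">'
    . ' <a href="https://example.com/">site</a>'
    . ' <a href="data:text/plain;base64,aGVsbG8=">not an image</a></p>';

/**
 * Mirror what mews/purifier does with one 'settings' profile: hand the
 * profile's key/value pairs to HTMLPurifier_Config::loadArray().
 */
function buildConfig(array $profile): HTMLPurifier_Config
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // no on-disk definition cache for a one-off script
    $config->loadArray($profile);
    return $config;
}

function purifyWith(array $profile, string $html): string
{
    return (new HTMLPurifier(buildConfig($profile)))->purify($html);
}

// Profile without the directive, as in the question's 'default' section:
// HTMLPurifier's built-in list (http, https, mailto, ftp, nntp, news, tel) applies.
function profileWithoutData(): array
{
    return ['HTML.Allowed' => 'p,a[href],img[src|alt]'];
}

// The answer's fix, placed inside the profile that is actually used. Caveat:
// the directive REPLACES the default list, so 'data' on its own would strip
// every http(s) link; list the schemes the content still needs.
function profileWithData(): array
{
    return [
        'HTML.Allowed'       => 'p,a[href],img[src|alt]',
        'URI.AllowedSchemes' => ['http' => true, 'https' => true, 'data' => true],
    ];
}

/** Purify the sample with both profiles and return each expectation with its outcome. */
function runChecks(): array
{
    $stripped = purifyWith(profileWithoutData(), SAMPLE_HTML);
    $kept     = purifyWith(profileWithData(), SAMPLE_HTML);
    return [
        // Without 'data' the img src fails scheme validation; src is a required
        // attribute, so with Core.RemoveInvalidImg (default on) the whole img goes.
        'data image removed when scheme not allowed' => strpos($stripped, 'data:image/png') === false,
        'data image kept when scheme allowed'        => strpos($kept, 'data:image/png') !== false,
        'https link survives in both'                => strpos($stripped, 'https://example.com/') !== false
                                                        && strpos($kept, 'https://example.com/') !== false,
        // HTMLPurifier's data: handler accepts only image/gif, image/jpeg and
        // image/png payloads that decode to a real image, so the text/plain
        // href is dropped even though 'data' is now an allowed scheme.
        'non-image data URI still rejected'          => strpos($kept, 'data:text/plain') === false,
    ];
}

$allOk = true;
foreach (runChecks() as $label => $ok) {
    printf("[%s] %s\n", $ok ? 'ok' : 'FAIL', $label);
    $allOk = $allOk && $ok;
}
exit($allOk ? 0 : 1);
```

Run it with `php check_data_uri.php` (any file name works); every line should print `[ok]`. When porting the answer's fix into a real config, carry the rest of the default scheme list (mailto and any others the editor's users rely on) alongside 'data', and keep in mind that the image sniffing happens on every purify() call, so very large base64 payloads cost CPU and temp-file I/O on each request.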