pixelfed/config/purify.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Settings
    |--------------------------------------------------------------------------
    |
    | The configuration settings array is passed directly to HTMLPurifier.
    |
    | Feel free to add / remove / customize these attributes as you wish.
    |
    | Documentation: http://htmlpurifier.org/live/configdoc/plain.html
    |
    */

    'settings' => [

        /*
        |--------------------------------------------------------------------------
        | Core.Encoding
        |--------------------------------------------------------------------------
        |
        | The encoding to convert input to.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#Core.Encoding
        |
        */

        'Core.Encoding' => 'utf-8',

        /*
        |--------------------------------------------------------------------------
        | Core.SerializerPath
        |--------------------------------------------------------------------------
        |
        | The HTML purifier serializer cache path.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath
        |
        */

        'Cache.SerializerPath' => storage_path('purify'),

        /*
        |--------------------------------------------------------------------------
        | HTML.Doctype
        |--------------------------------------------------------------------------
        |
        | Doctype to use during filtering.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Doctype
        |
        */

        'HTML.Doctype' => 'XHTML 1.0 Transitional',

        /*
        |--------------------------------------------------------------------------
        | HTML.Allowed
        |--------------------------------------------------------------------------
        |
        | The allowed HTML Elements with their allowed attributes.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed
        |
        */

        'HTML.Allowed' => env('RESTRICT_HTML_TYPES', true) ? 
            'a[href|title|rel|class],p[class],span[class],br' :
            'a[href|title|rel|class],p[class],span[class],strong,em,del,b,i,s,strike,h1,h2,h3,h4,h5,h6,ul,ol,li,br',


        /*
        |--------------------------------------------------------------------------
        | HTML.ForbiddenElements
        |--------------------------------------------------------------------------
        |
        | The forbidden HTML elements. Elements that are listed in
        | this string will be removed, however their content will remain.
        |
        | For example if 'p' is inside the string, the string: '<p>Test</p>',
        |
        | Will be cleaned to: 'Test'
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#HTML.ForbiddenElements
        |
        */

        'HTML.ForbiddenElements' => '',

        /*
        |--------------------------------------------------------------------------
        | CSS.AllowedProperties
        |--------------------------------------------------------------------------
        |
        | The Allowed CSS properties.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#CSS.AllowedProperties
        |
        */

        'CSS.AllowedProperties' => '',

        /*
        |--------------------------------------------------------------------------
        | AutoFormat.AutoParagraph
        |--------------------------------------------------------------------------
        |
        | The Allowed CSS properties.
        |
        | This directive turns on auto-paragraphing, where double
        | newlines are converted in to paragraphs whenever possible.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.AutoParagraph
        |
        */

        'AutoFormat.AutoParagraph' => false,

        /*
        |--------------------------------------------------------------------------
        | AutoFormat.RemoveEmpty
        |--------------------------------------------------------------------------
        |
        | When enabled, HTML Purifier will attempt to remove empty
        | elements that contribute no semantic information to the document.
        |
        | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.RemoveEmpty
        |
        */

        'AutoFormat.RemoveEmpty' => false,

        'Attr.AllowedClasses' => [
            'h-feed',
            'h-entry',
            'h-cite',
            'h-card',
            'p-author',
            'p-name',
            'p-in-reply-to',
            'p-repost-of',
            'p-comment',
            'u-photo',
            'u-uid',
            'u-url',
            'dt-published',
            'e-content',
            'mention',
            'hashtag',
            'ellipsis',
            'invisible'
        ],

        'Attr.AllowedRel' => [
            'noreferrer',
            'noopener',
            'nofollow'
        ],

        'HTML.TargetBlank' => true,

        'HTML.Nofollow' => true,

        'URI.DefaultScheme' => 'https',

        'URI.DisableExternalResources' => true,

        'URI.DisableResources' => true,

        'URI.AllowedSchemes' => [
            'http' => true,
            'https' => true,
        ],

        'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],

    ],

];
Add html purifier config 2018-11-04 04:01:30 +00:00			`<?php`

			`return [`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Settings`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The configuration settings array is passed directly to HTMLPurifier.`
			`\|`
			`\| Feel free to add / remove / customize these attributes as you wish.`
			`\|`
			`\| Documentation: http://htmlpurifier.org/live/configdoc/plain.html`
			`\|`
			`*/`

			`'settings' => [`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Core.Encoding`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The encoding to convert input to.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#Core.Encoding`
			`\|`
			`*/`

			`'Core.Encoding' => 'utf-8',`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Core.SerializerPath`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The HTML purifier serializer cache path.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath`
			`\|`
			`*/`

			`'Cache.SerializerPath' => storage_path('purify'),`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| HTML.Doctype`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Doctype to use during filtering.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#HTML.Doctype`
			`\|`
			`*/`

Update HTML Purifier config 2019-01-31 21:01:32 +00:00			`'HTML.Doctype' => 'XHTML 1.0 Transitional',`
Add html purifier config 2018-11-04 04:01:30 +00:00
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| HTML.Allowed`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The allowed HTML Elements with their allowed attributes.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed`
			`\|`
			`*/`

Rename .env var, based on feedback from https://mastodon.social/users/alicerunsonfedora/statuses/101978263084840936 2019-04-24 00:30:50 +00:00			`'HTML.Allowed' => env('RESTRICT_HTML_TYPES', true) ?`
Update purify config, fix microformats support 2020-04-27 05:10:21 +00:00			`'a[href\|title\|rel\|class],p[class],span[class],br' :`
			`'a[href\|title\|rel\|class],p[class],span[class],strong,em,del,b,i,s,strike,h1,h2,h3,h4,h5,h6,ul,ol,li,br',`
Update html purifier config 2019-04-23 23:58:46 +00:00
Add html purifier config 2018-11-04 04:01:30 +00:00
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| HTML.ForbiddenElements`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The forbidden HTML elements. Elements that are listed in`
			`\| this string will be removed, however their content will remain.`
			`\|`
			`\| For example if 'p' is inside the string, the string: '<p>Test</p>',`
			`\|`
			`\| Will be cleaned to: 'Test'`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#HTML.ForbiddenElements`
			`\|`
			`*/`

			`'HTML.ForbiddenElements' => '',`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| CSS.AllowedProperties`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The Allowed CSS properties.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#CSS.AllowedProperties`
			`\|`
			`*/`

			`'CSS.AllowedProperties' => '',`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| AutoFormat.AutoParagraph`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| The Allowed CSS properties.`
			`\|`
			`\| This directive turns on auto-paragraphing, where double`
			`\| newlines are converted in to paragraphs whenever possible.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.AutoParagraph`
			`\|`
			`*/`

			`'AutoFormat.AutoParagraph' => false,`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| AutoFormat.RemoveEmpty`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| When enabled, HTML Purifier will attempt to remove empty`
			`\| elements that contribute no semantic information to the document.`
			`\|`
			`\| http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.RemoveEmpty`
			`\|`
			`*/`

			`'AutoFormat.RemoveEmpty' => false,`

Update purify config, fix microformats support 2020-04-27 05:10:21 +00:00			`'Attr.AllowedClasses' => [`
			`'h-feed',`
			`'h-entry',`
			`'h-cite',`
			`'h-card',`
			`'p-author',`
			`'p-name',`
			`'p-in-reply-to',`
			`'p-repost-of',`
			`'p-comment',`
			`'u-photo',`
			`'u-uid',`
			`'u-url',`
			`'dt-published',`
			`'e-content',`
			`'mention',`
			`'hashtag',`
			`'ellipsis',`
			`'invisible'`
			`],`

Add html purifier config 2018-11-04 04:01:30 +00:00			`'Attr.AllowedRel' => [`
			`'noreferrer',`
			`'noopener',`
			`'nofollow'`
			`],`

Update html purifier config 2019-04-23 23:58:46 +00:00			`'HTML.TargetBlank' => true,`

			`'HTML.Nofollow' => true,`

			`'URI.DefaultScheme' => 'https',`

			`'URI.DisableExternalResources' => true,`

			`'URI.DisableResources' => true,`

			`'URI.AllowedSchemes' => [`
			`'http' => true,`
			`'https' => true,`
			`],`

			`'URI.HostBlacklist' => config('costar.enabled') ? config('costar.domain.block') : [],`

Add html purifier config 2018-11-04 04:01:30 +00:00			`],`

			`];`