From b7e22af48e6fed5f0a5b62b0223157d7dd19b659 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sat, 3 Nov 2018 22:01:30 -0600 Subject: [PATCH] Add html purifier config --- config/purify.php | 141 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 config/purify.php diff --git a/config/purify.php b/config/purify.php new file mode 100644 index 000000000..b55cad9a4 --- /dev/null +++ b/config/purify.php @@ -0,0 +1,141 @@ + [ + + /* + |-------------------------------------------------------------------------- + | Core.Encoding + |-------------------------------------------------------------------------- + | + | The encoding to convert input to. + | + | http://htmlpurifier.org/live/configdoc/plain.html#Core.Encoding + | + */ + + 'Core.Encoding' => 'utf-8', + + /* + |-------------------------------------------------------------------------- + | Core.SerializerPath + |-------------------------------------------------------------------------- + | + | The HTML purifier serializer cache path. + | + | http://htmlpurifier.org/live/configdoc/plain.html#Cache.SerializerPath + | + */ + + 'Cache.SerializerPath' => storage_path('purify'), + + /* + |-------------------------------------------------------------------------- + | HTML.Doctype + |-------------------------------------------------------------------------- + | + | Doctype to use during filtering. + | + | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Doctype + | + */ + + 'HTML.Doctype' => 'XHTML 1.0 Strict', + + /* + |-------------------------------------------------------------------------- + | HTML.Allowed + |-------------------------------------------------------------------------- + | + | The allowed HTML Elements with their allowed attributes. + | + | http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed + | + */ + + 'HTML.Allowed' => 'a[href|title|rel],p', + + /* + |-------------------------------------------------------------------------- + | HTML.ForbiddenElements + |-------------------------------------------------------------------------- + | + | The forbidden HTML elements. Elements that are listed in + | this string will be removed, however their content will remain. + | + | For example if 'p' is inside the string, the string: '

Test

', + | + | Will be cleaned to: 'Test' + | + | http://htmlpurifier.org/live/configdoc/plain.html#HTML.ForbiddenElements + | + */ + + 'HTML.ForbiddenElements' => '', + + /* + |-------------------------------------------------------------------------- + | CSS.AllowedProperties + |-------------------------------------------------------------------------- + | + | The Allowed CSS properties. + | + | http://htmlpurifier.org/live/configdoc/plain.html#CSS.AllowedProperties + | + */ + + 'CSS.AllowedProperties' => '', + + /* + |-------------------------------------------------------------------------- + | AutoFormat.AutoParagraph + |-------------------------------------------------------------------------- + | + | The Allowed CSS properties. + | + | This directive turns on auto-paragraphing, where double + | newlines are converted in to paragraphs whenever possible. + | + | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.AutoParagraph + | + */ + + 'AutoFormat.AutoParagraph' => false, + + /* + |-------------------------------------------------------------------------- + | AutoFormat.RemoveEmpty + |-------------------------------------------------------------------------- + | + | When enabled, HTML Purifier will attempt to remove empty + | elements that contribute no semantic information to the document. + | + | http://htmlpurifier.org/live/configdoc/plain.html#AutoFormat.RemoveEmpty + | + */ + + 'AutoFormat.RemoveEmpty' => false, + + 'Attr.AllowedRel' => [ + 'noreferrer', + 'noopener', + 'nofollow' + ], + + ], + +];