fix for src being removed from img with relative urls, added iframe to

allowed html

brain/data/Contents.inc.php

@@ -7,6 +7,11 @@ use League\CommonMark\Extension\FrontMatter\FrontMatterExtension;
 use League\CommonMark\Extension\FrontMatter\Output\RenderedContentWithFrontMatter;
 use League\CommonMark\MarkdownConverter;
 use League\CommonMark\CommonMarkConverter;
+
+use HtmlSanitizer\Extension\Basic\BasicExtension;
+use HtmlSanitizer\Extension\Iframe\IframeExtension;
+use HtmlSanitizer\SanitizerBuilder;
+
 use function _\orderBy;
 
 class Contents
@@ -63,16 +68,35 @@ class Contents
         ->parse(file_get_contents($file));
 
       //never trust the front end. clean it up
-      $sanitizer = HtmlSanitizer\Sanitizer::create([
+
-        "extensions" => ["basic", "image", "list", "code"],
+      $builder = new SanitizerBuilder();
+      $builder->registerExtension(new BasicExtension());
+      $builder->registerExtension(new IframeExtension());
+
+      //relative-a and relative-image
+      $builder->registerExtension(
+        new \HtmlSanitizer\Extension\Relative\A\AExtension()
+      );
+      $builder->registerExtension(
+        new \HtmlSanitizer\Extension\Relative\Image\ImageExtension()
+      );
+
+      $detergent = [
+        "extensions" => ["basic", "relative-a", "relative-image", "iframe"],
         "tags" => [
+          "div" => [
+            "allowed_attributes" => ["class", "title"],
+          ],
           "img" => [
             "allowed_attributes" => ["src", "alt", "title", "class"],
-            "allowed_hosts" => null,
+          ],
-            "allow_relative_links" => true,
+          "iframe" => [
+            "allowed_attributes" => ["height", "width", "title", "src"],
           ],
         ],
-      ]);
+      ];
+
+      $sanitizer = $builder->build($detergent);
 
       $scrubbed = $sanitizer->sanitize($result->getContent());
 

composer.json

@@ -26,6 +26,7 @@
     "tgalopin/html-sanitizer": "^1.4",
     "phpmailer/phpmailer": "^6.4",
     "league/commonmark": "^2.1",
-    "symfony/yaml": "^5.4"
+    "symfony/yaml": "^5.4",
+    "olegatro/html-sanitizer-relative": "^1.0"
   }
 }

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "aaecaa98ed680188418b8aff96553235",
+    "content-hash": "cfedfb006726f5c6b4bac05285ccf5e8",
     "packages": [
         {
             "name": "dflydev/dot-access-data",
@@ -858,6 +858,48 @@
             },
             "time": "2018-02-13T20:26:39+00:00"
         },
+        {
+            "name": "olegatro/html-sanitizer-relative",
+            "version": "1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/olegatro/html-sanitizer-relative.git",
+                "reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/olegatro/html-sanitizer-relative/zipball/1a4d4683c0c162653da6dcfe6050476dd8bfc026",
+                "reference": "1a4d4683c0c162653da6dcfe6050476dd8bfc026",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "php": ">=7.1",
+                "tgalopin/html-sanitizer": "^1.4"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "HtmlSanitizer\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Oleg Scherbakov",
+                    "email": "shcherbakov.oleg88@gmail.com"
+                }
+            ],
+            "description": "Extension for html-sanitizer library by allowing relative urls in the A and Image tags",
+            "support": {
+                "issues": "https://github.com/olegatro/html-sanitizer-relative/issues",
+                "source": "https://github.com/olegatro/html-sanitizer-relative/tree/1.0.0"
+            },
+            "time": "2021-02-05T13:39:44+00:00"
+        },
         {
             "name": "phpmailer/phpmailer",
             "version": "v6.5.1",

package.json

@@ -31,7 +31,8 @@
   "license": "UNLICENSED",
   "author": "Are0h",
   "scripts": {
-    "watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
+    "watch": "sass --watch src/styles:public/assets/css & npx parcel watch src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts",
+    "build": "sass src/styles:public/assets/css & npx parcel build src/com/Start.js --dist-dir public/assets/scripts --public-url /assets/scripts"
   },
   "description": "Front end script for the most chill blog framework ever.",
   "repository": "https://code.playvicio.us/Are0h/Fipamo"