diff --git a/app-modules/event-importer/src/Services/Concerns/AbstractEventHandler.php b/app-modules/event-importer/src/Services/Concerns/AbstractEventHandler.php
index 7315a05d..c2c1b1e3 100644
--- a/app-modules/event-importer/src/Services/Concerns/AbstractEventHandler.php
+++ b/app-modules/event-importer/src/Services/Concerns/AbstractEventHandler.php
@@ -6,6 +6,7 @@
 use HackGreenville\EventImporter\Data\EventData;
 use HackGreenville\EventImporter\Data\VenueData;
 use Illuminate\Support\Collection;
+use Mews\Purifier\Facades\Purifier;
 
 abstract class AbstractEventHandler
 {
@@ -36,4 +37,10 @@ public function getPaginatedData(int $page): array
 $this->page_count,
 ];
 }
+
+ /** @return string */
+ public function sanitize_description(string $description_text): string
+ {
+ return Purifier::clean($description_text);
+ }
 }
diff --git a/app-modules/event-importer/src/Services/EventBriteHandler.php b/app-modules/event-importer/src/Services/EventBriteHandler.php
index 3c008ec0..aa12f224 100644
--- a/app-modules/event-importer/src/Services/EventBriteHandler.php
+++ b/app-modules/event-importer/src/Services/EventBriteHandler.php
@@ -23,7 +23,7 @@ protected function mapIntoEventData(array $data): EventData
 'service_id' => $data['id'],
 'name' => $data['name']['text'],
- 'description' => $data['description']['text'],
+ 'description' => $this->sanitize_description($data['description']['text']),
 'url' => $data['url'],
 'starts_at' => Carbon::parse($data['start']['local']),
 // Yes "canceled" is misspelled
diff --git a/app-modules/event-importer/src/Services/MeetupRestHandler.php b/app-modules/event-importer/src/Services/MeetupRestHandler.php
index 9534f223..32216484 100644
--- a/app-modules/event-importer/src/Services/MeetupRestHandler.php
+++ b/app-modules/event-importer/src/Services/MeetupRestHandler.php
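Review bot: The `/** @return string */` docblock on `sanitize_description` only repeats the native return type and says nothing about what the method is for; replace it with a purpose line such as `/** Strips disallowed HTML from a third-party event description before it is persisted; uses the purifier package's default profile. */`. The method also does not accept a missing description: its `string` parameter throws a TypeError on null, whereas the call sites in the EventBriteHandler and MeetupRestHandler hunks previously stored whatever the API returned, so if either payload can omit the description the import now aborts — declaring it `public function sanitize_description(?string $description_text): ?string` and returning null unchanged keeps the old tolerance. Stylistically the snake_case name stands out next to `getPaginatedData` and `mapIntoEventData` in the same class, and `protected function sanitizeDescription()` would fit unless a caller outside the handlers needs it. Finally, `Purifier::clean()` is invoked with no configuration, which leaves the allowed-tag set defined only in the package's published config; since this is the single filter between two external APIs and stored content, passing an explicit profile as the second argument would make the policy reviewable in this module.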
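Review bot: The sanitized field is `$data['description']['text']`, which by its key reads as the plain-text form of the description rather than markup; an HTML purifier still parses it as HTML, so a stray `<` or `&` in the text is turned into an entity or dropped, and the stored value becomes HTML that the renderer must output unescaped or it will be double-encoded. If the intent is to accept Eventbrite's formatted description, the HTML variant of the field is the one to purify; if the intent is plain text, purification is the wrong tool and escaping at output time covers the risk. Either way a short comment on the mapped line would record the decision, e.g. `// description is stored as purified HTML; render it unescaped`. mapIntoEventData's body begins and ends outside this hunk.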
@@ -46,7 +46,7 @@ protected function mapIntoEventData(array $data): EventData
 return EventData::from([
 'id' => $data['id'],
 'name' => $data['name'],
- 'description' => $data['description'],
+ 'description' => $this->sanitize_description($data['description']),
 'url' => $data['link'],
 'starts_at' => Carbon::createFromTimestampMs($data['time']),
 'event_type' => match ($data['eventType']) {
diff --git a/composer.json b/composer.json
index 175e4470..0e85fbd9 100644
--- a/composer.json
+++ b/composer.json
@@ -24,6 +24,7 @@
 "laravel/ui": "v4.2.2",
 "laravelcollective/html": "^6.3",
 "livewire/livewire": "^2.12",
+ "mews/purifier": "^3.4",
 "scyllaly/hcaptcha": "^4.4",
 "spatie/laravel-data": "*",
 "spatie/laravel-google-calendar": "^3.0"
diff --git a/composer.lock b/composer.lock
index 90b60005..c75840c3 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "55120ce828acdb08b05e2810109401cc",
+ "content-hash": "f6191514de7ad81c1d6553c6ab7eee77",
 "packages": [
 {
 "name": "brick/math",
@@ -1109,6 +1109,67 @@ ], "time": "2023-01-14T14:17:03+00:00" }, + { + "name": "ezyang/htmlpurifier", + "version": "v4.17.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "bbc513d79acf6691fa9cf10f192c90dd2957f18c" + }, + "dist": { + "type": "zip", + "url": "https://github.com/repos/ezyang/htmlpurifier/zipball/bbc513d79acf6691fa9cf10f192c90dd2957f18c", + "reference": "bbc513d79acf6691fa9cf10f192c90dd2957f18c", + "shasum": "" + }, + "require": { + "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0" + }, + "require-dev": { + "cerdic/css-tidy": "^1.7 || ^2.0", + "simpletest/simpletest": "dev-master" + }, + "suggest": { + "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.", + "ext-bcmath": "Used for unit conversion and imagecrash protection", + "ext-iconv": "Converts text to and from non-UTF-8 encodings", + "ext-tidy": "Used for pretty-printing HTML" + }, + "type": "library", + "autoload": { + "files": [ + "library/HTMLPurifier.composer.php" + ], + "psr-0": { + "HTMLPurifier": "library/" + }, + "exclude-from-classmap": [ + "/library/HTMLPurifier/Language/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "support": { + "issues": "https://github.com/ezyang/htmlpurifier/issues", + "source": "https://github.com/ezyang/htmlpurifier/tree/v4.17.0" + }, + "time": "2023-11-17T15:01:25+00:00" + }, { "name": "firebase/php-jwt", "version": "v6.8.0", 
@@ -3399,6 +3460,84 @@ ], "time": "2023-03-03T20:12:38+00:00" }, + { + "name": "mews/purifier", + "version": "3.4.1", + "source": { + "type": "git", + "url": "https://github.com/mewebstudio/Purifier.git", + "reference": "48e7bddc18140412d7cd815b6eea2fc7a141c432" + }, + "dist": { + "type": "zip", + "url": "https://github.com/repos/mewebstudio/Purifier/zipball/48e7bddc18140412d7cd815b6eea2fc7a141c432", + "reference": "48e7bddc18140412d7cd815b6eea2fc7a141c432", + "shasum": "" + }, + "require": { + "ezyang/htmlpurifier": "^4.16.0", + "illuminate/config": "^5.8|^6.0|^7.0|^8.0|^9.0|^10.0", + "illuminate/filesystem": "^5.8|^6.0|^7.0|^8.0|^9.0|^10.0", + "illuminate/support": "^5.8|^6.0|^7.0|^8.0|^9.0|^10.0", + "php": "^7.2|^8.0" + }, + "require-dev": { + "graham-campbell/testbench": "^3.2|^5.5.1", + "mockery/mockery": "^1.3.3", + "phpunit/phpunit": "^8.0|^9.0|^10.0" + }, + "suggest": { + "laravel/framework": "To test the Laravel bindings", + "laravel/lumen-framework": "To test the Lumen bindings" + }, + "type": "package", + "extra": { + "laravel": { + "providers": [ + "Mews\\Purifier\\PurifierServiceProvider" + ], + "aliases": { + "Purifier": "Mews\\Purifier\\Facades\\Purifier" + } + } + }, + "autoload": { + "files": [ + "src/helpers.php" + ], + "psr-4": { + "Mews\\Purifier\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Muharrem ERİN", + "email": "me@mewebstudio.com", + "homepage": "https://github.com/mewebstudio", + "role": "Developer" + } + ], + "description": "Laravel 5/6/7/8/9/10 HtmlPurifier Package", + "homepage": "https://github.com/mewebstudio/purifier", + "keywords": [ + "Laravel Purifier", + "Laravel Security", + "Purifier", + "htmlpurifier", + "laravel HtmlPurifier", + "security", + "xss" + ], + "support": { + "issues": "https://github.com/mewebstudio/Purifier/issues", + "source": "https://github.com/mewebstudio/Purifier/tree/3.4.1" + }, + "time": "2023-03-14T08:28:28+00:00" 
+ }, { "name": "monolog/monolog", "version": "3.4.0", @@ -12459,5 +12598,5 @@ "ext-pdo_sqlite": "*", "ext-sqlite3": "*" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.6.0" }