Initial commit

Author: mueller-sebastian

Classes/Service/PurifyService.php

@@ -0,0 +1,54 @@
+<?php
+declare(strict_types=1);
+
+namespace ElementareTeilchen\HtmlPurify\Service;
+
+/**
+ * This file is part of the "html_purify" Extension for TYPO3 CMS.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ */
+
+/**
+ * Service for purifying HTML content
+ */
+class PurifyService
+{
+    /**
+     * @param string $htmlContent HTML content which should be purified by only keeping allowed HTML tags
+     * @param string|null $allowedHtmlTags Comma separated list of allowed HTML tags
+     *
+     * @return string
+     */
+    public static function purify(string $htmlContent, ?string $allowedHtmlTags = null) : string
+    {
+        // if there is no content, we do not proceed
+        if (\trim($htmlContent) === '') {
+            return $htmlContent;
+        }
+
+        // if there are no allowed HTML tags provided, use default
+        if (\is_null($allowedHtmlTags) || $allowedHtmlTags === '') {
+            $allowedHtmlTags = 'h1,h2,h3,p,strong,br,i,a[href],ol,ul,li';
+        }
+
+        // create Purifier config
+        $config = \HTMLPurifier_Config::createDefault();
+        $config->loadArray(
+            [
+                'HTML' => [
+                    'Allowed' => $allowedHtmlTags,
+                    // we set targets to blank
+                    'TargetBlank' => true,
+                ],
+            ]
+        );
+
+        // create Purifier and assign config to it
+        $purifier = new \HTMLPurifier($config);
+
+        // purify html content and return it
+        return $purifier->purify($htmlContent);
+    }
+}

Classes/ViewHelpers/PurifyViewHelper.php

@@ -0,0 +1,107 @@
+<?php
+declare(strict_types=1);
+
+namespace ElementareTeilchen\HtmlPurify\ViewHelpers;
+
+/**
+ * This file is part of the "html_purify" Extension for TYPO3 CMS.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ */
+
+use ElementareTeilchen\HtmlPurify\Service\PurifyService;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface;
+use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
+use TYPO3Fluid\Fluid\Core\ViewHelper\AbstractViewHelper;
+use TYPO3Fluid\Fluid\Core\ViewHelper\Traits\CompileWithContentArgumentAndRenderStatic;
+
+/**
+ * Purifies HTML content by keeping only allowed HTML tags.
+ *
+ * Examples
+ * ========
+ *
+ * Default
+ * -------
+ *
+ * ::
+ *
+ *    <hp:purify allowedHtmlTags="strong,em">{someVariableWithUnwantedHTMLTagsOrPotentialXSS -> f:format.raw()}</hp:purify>
+ *
+ * Output in frontend::
+ *
+ *    String without html tags beside strong or em
+ *
+ *
+ * Inline notation
+ * ---------------
+ *
+ * ::
+ *
+ *    {someVariableWithUnwantedHTMLTagsOrPotentialXSS -> f:format.raw() -> hp:purify(allowedHtmlTags: 'strong,em')}
+ *
+ * Output::
+ *
+ *    String without html tags beside strong or em
+ *
+ *
+ * Inline notation without variable
+ * ------------------
+ *
+ * ::
+ *
+ *    {hp:purify(allowedHtmlTags: 'p,strong', htmlContent: '<p>Text with <strong>HTML</strong> but <em>EM tag will be removed</em></p>')}
+ *
+ * Output::
+ *
+ *    String without html tags beside p and strong
+ *    <p>Text with <strong>HTML</strong> but EM tag will be removed</p>
+ */
+class PurifyViewHelper extends AbstractViewHelper
+{
+    use CompileWithContentArgumentAndRenderStatic;
+
+    protected $escapeOutput = false;
+
+    public function initializeArguments()
+    {
+        $this->registerArgument('htmlContent', 'string', 'The html content to purify');
+        $this->registerArgument('allowedHtmlTags', 'string', 'The allowed HTML tags');
+    }
+
+    public static function renderStatic(
+        array $arguments,
+        \Closure $renderChildrenClosure,
+        RenderingContextInterface $renderingContext
+    ) {
+        $htmlContent = $renderChildrenClosure();
+
+        // if there is no string content, we do not proceed
+        if (!is_string($htmlContent) || \trim($htmlContent) === '') {
+            return '';
+        }
+
+        // allowed HTML tags
+        $allowedHtmlTags = null;
+        // use viewhelper argument if set
+        if ($arguments['allowedHtmlTags']) {
+            $allowedHtmlTags = $arguments['allowedHtmlTags'];
+
+        // use typoscript default values if configured
+        } else {
+            $configurationManager = GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Configuration\\ConfigurationManager');
+            $typoScript = $configurationManager->getConfiguration(
+                ConfigurationManagerInterface::CONFIGURATION_TYPE_SETTINGS,
+                'html_purify'
+            );
+            if (isset($typoScript['allowedHtmlTags'])) {
+                $allowedHtmlTags = $typoScript['allowedHtmlTags'];
+            }
+        }
+
+        // purify and return HTML content
+        return PurifyService::purify($htmlContent, $allowedHtmlTags);
+    }
+}

Configuration/TCA/Overrides/sys_template.php

@@ -0,0 +1,4 @@
+<?php
+defined('TYPO3_MODE') or die();
+
+\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addStaticFile('html_purify', 'Configuration/TypoScript', 'HTML purify');

Configuration/TypoScript/constants.typoscript

@@ -0,0 +1,8 @@
+plugin.tx_html_purify {
+    # ====================================
+    # Settings used by purify viewhelper for default values
+    # ====================================
+    settings {
+        allowedHtmlTags = h1,h2,h3,p,strong,br,em,ol,ul,li
+    }
+}

Configuration/TypoScript/setup.typoscript

@@ -0,0 +1,8 @@
+plugin.tx_html_purify {
+    # ====================================
+    # Settings used by purify viewhelper for default values
+    # ====================================
+    settings {
+        allowedHtmlTags = {$plugin.tx_html_purify.settings.allowedHtmlTags}
+    }
+}