Enabled optional use of custom HTML for ll page

Enabled users to use custom HTML formatting for their personal page descriptions.

Due to security reasons, this option is turned off by default. This setting can be enabled in the config.

Author: JulianPrieber

.env

@@ -1,6 +1,6 @@
 #Email verification=Changes if users have to verify their email after registration.
 #=REGISTER_AUTH either auth or verified. If auth is selected, no verification is required. Default is verified.
-REGISTER_AUTH=verified
+REGISTER_AUTH=auth
 
 #Internal notifications=Changes if certain messages should be displayed or not.
 #=NOTIFY_EVENTS notifies admins if an important event is happening, such as polls about the future of this project or security vulnerabilities.
@@ -15,10 +15,15 @@ DISPLAY_CREDIT=true
 #=(e.g. 'admin' without the '@')
 HOME_URL=
 
+#ALLOW_USER_HTML=Changes if users are able to use custom HTML in their descriptions. Allows for more customized texts.
+#=Either true or false. USE WITH CAUTION! If true, this enables users to use custom code, including JavaScript. 
+#=It is recommended to only turn this option on if you trust your users or only use this instance for yourself.
+ALLOW_USER_HTML=false
+
 #App Settings=Changes settings regarding your LittleLink Custom installation. You probably only want to change the App Name setting.
 #=App_Name changes  the displayed name for the App in the title, for example.
 APP_NAME="LittleLink Custom"
-APP_KEY=
+APP_KEY=base64:YUFWn5swwXryVBujHaOdiPqNvLEsC7RZs8df3rb/DJs=
 #=The APP_URL should be left empty under most circumstances. This setting is not required for LittleLink Custom, and you should only change this if required for your setup.
 APP_URL=
 

resources/views/littlelink.blade.php

@@ -147,7 +147,7 @@ function get_operating_system() {
         <h1 class="fadein">{{ $info->name }}</h1>
 
         <!-- Short Bio -->
-        <center><p style="width: 50%; min-width: 300px;" class="fadein">{{ $info->littlelink_description }}</p></center>
+        <center><p style="width: 50%; min-width: 300px;" class="fadein">@if(env('ALLOW_USER_HTML') === true){!! $info->littlelink_description !!}@else{{ $info->littlelink_description }}@endif</p></center>
 
         @endforeach		
         <!-- Buttons -->

resources/views/studio/page.blade.php

@@ -2,6 +2,8 @@
 
 @section('content')
 
+@if(env('ALLOW_USER_HTML') === true) <script src="{{ asset('resources/ckeditor/ckeditor.js') }}"></script> @endif
+
         <h2 class="mb-4"><i class="bi bi-file-earmark-break"> Page</i></h2>
 
         <form action="{{ route('editPage') }}" enctype="multipart/form-data" method="post">
@@ -41,7 +43,7 @@
 
           <div class="form-group col-lg-8">
             <label>Page Description</label>
-            <textarea class="form-control" name="pageDescription" rows="3">{{ $page->littlelink_description ?? '' }}</textarea>
+            <textarea class="form-control @if(env('ALLOW_USER_HTML') === true) ckeditor @endif" name="pageDescription" rows="3">{{ $page->littlelink_description ?? '' }}</textarea>
           </div>
           @endforeach
           <button type="submit" class="mt-3 ml-3 btn btn-info">Submit</button>

storage/backups/default_settings

@@ -15,6 +15,11 @@ DISPLAY_CREDIT=true
 #=(e.g. 'admin' without the '@')
 HOME_URL=
 
+#ALLOW_USER_HTML=Changes if users are able to use custom HTML in their descriptions. Allows for more customized texts.
+#=Either true or false. USE WITH CAUTION! If true, this enables users to use custom code, including JavaScript. 
+#=It is recommended to only turn this option on if you trust your users or only use this instance for yourself.
+ALLOW_USER_HTML=false
+
 #App Settings=Changes settings regarding your LittleLink Custom installation. You probably only want to change the App Name setting.
 #=App_Name changes  the displayed name for the App in the title, for example.
 APP_NAME="LittleLink Custom"