@@ -160,84 +160,7 @@ public function applySalableProductTypesFilter($collection)
160
160
*/
161
161
public function escapeHtmlWithLinks ($ data , $ allowedTags = null )
162
162
{
163
- if (!empty ($ data ) && is_array ($ allowedTags ) && in_array ('a ' , $ allowedTags )) {
164
- $ wrapperElementId = uniqid ();
165
- $ domDocument = $ this ->domDocumentFactory ->create ();
166
-
167
- $ internalErrors = libxml_use_internal_errors (true );
168
-
169
- $ convmap = [0x80 , 0x10FFFF , 0 , 0x1FFFFF ];
170
- $ data = mb_encode_numericentity (
171
- $ data ,
172
- $ convmap ,
173
- 'UTF-8 '
174
- );
175
-
176
- $ domDocument ->loadHTML (
177
- '<html><body id=" ' . $ wrapperElementId . '"> ' . $ data . '</body></html> '
178
- );
179
-
180
- libxml_use_internal_errors ($ internalErrors );
181
-
182
- $ linkTags = $ domDocument ->getElementsByTagName ('a ' );
183
-
184
- foreach ($ linkTags as $ linkNode ) {
185
- $ linkAttributes = [];
186
- foreach ($ linkNode ->attributes as $ attribute ) {
187
- $ linkAttributes [$ attribute ->name ] = $ attribute ->value ;
188
- }
189
-
190
- foreach ($ linkAttributes as $ attributeName => $ attributeValue ) {
191
- if ($ attributeName === 'href ' ) {
192
- $ url = $ this ->filterUrl ($ attributeValue ?? '' );
193
- $ url = $ this ->escaper ->escapeUrl ($ url );
194
- $ linkNode ->setAttribute ('href ' , $ url );
195
- } else {
196
- $ linkNode ->removeAttribute ($ attributeName );
197
- }
198
- }
199
- }
200
-
201
- $ result = mb_decode_numericentity (
202
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
203
- html_entity_decode (
204
- htmlentities ($ domDocument ->saveHTML ()),
205
- ENT_QUOTES |ENT_SUBSTITUTE ,
206
- 'UTF-8 '
207
- ),
208
- $ convmap ,
209
- 'UTF-8 '
210
- );
211
-
212
- preg_match ('/<body id=" ' . $ wrapperElementId . '">(.+)<\/body><\/html>$/si ' , $ result , $ matches );
213
- $ data = !empty ($ matches ) ? $ matches [1 ] : '' ;
214
- }
215
-
216
163
return $ this ->escaper ->escapeHtml ($ data , $ allowedTags );
217
164
}
218
165
219
- /**
220
- * Filter the URL for allowed protocols.
221
- *
222
- * @param string $url
223
- * @return string
224
- */
225
- private function filterUrl (string $ url ): string
226
- {
227
- if ($ url ) {
228
- //Revert the sprintf escaping
229
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
230
- $ urlScheme = parse_url ($ url , PHP_URL_SCHEME );
231
- $ urlScheme = $ urlScheme ? strtolower ($ urlScheme ) : '' ;
232
- if ($ urlScheme !== 'http ' && $ urlScheme !== 'https ' ) {
233
- $ url = null ;
234
- }
235
- }
236
-
237
- if (!$ url ) {
238
- $ url = '# ' ;
239
- }
240
-
241
- return $ url ;
242
- }
243
166
}