vendor/shopware/core/Framework/Util/HtmlSanitizer.php line 42

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Shopware\Core\Framework\Util;
  7. use Shopware\Core\Framework\Log\Package;
  9. #[Package('core')]
  10. class HtmlSanitizer
  11. {
  12. /**
  13. * @var \HTMLPurifier[]
  14. */
  15. private array $purifiers = [];
  17. private string $cacheDir;
  19. private bool $cacheEnabled;
  21. private array $sets;
  23. private array $fieldSets;
  25. private array $cache = [];
  27. /**
  28. * @internal
  29. */
  30. public function __construct(
  31. ?string $cacheDir = null,
  32. bool $cacheEnabled = true,
  33. array $sets = [],
  34. array $fieldSets = []
  35. ) {
  36. $this->cacheDir = (string) $cacheDir;
  37. $this->cacheEnabled = $cacheEnabled;
  38. $this->sets = $sets;
  39. $this->fieldSets = $fieldSets;
  40. }
  42. public function sanitize(string $text, ?array $options = [], bool $override = false, ?string $field = null): string
  43. {
  44. $options = $options ?? [];
  46. $hash = md5(sprintf('%s%s', (string) json_encode($options), (string) $field));
  48. if ($override) {
  49. $hash .= '-override';
  50. }
  52. $textKey = $hash . md5($text);
  53. if (isset($this->cache[$textKey])) {
  54. return $this->cache[$textKey];
  55. }
  57. if (!isset($this->purifiers[$hash])) {
  58. $config = $this->getConfig($options, $override, $field);
  59. $this->purifiers[$hash] = new \HTMLPurifier($config);
  60. }
  62. $this->cache[$textKey] = $this->purifiers[$hash]->purify($text);
  64. return $this->cache[$textKey];
  65. }
  67. private function getBaseConfig(): \HTMLPurifier_Config
  68. {
  69. $config = \HTMLPurifier_Config::createDefault();
  71. if ($this->cacheDir !== '') {
  72. $config->set('Cache.SerializerPath', $this->cacheDir);
  73. }
  75. if (!$this->cacheEnabled) {
  76. $config->set('Cache.DefinitionImpl', null);
  77. }
  79. $config->set('Cache.SerializerPermissions', 0775 & ~umask());
  81. return $config;
  82. }
  84. private function getConfig(array $options, bool $override, ?string $field): \HTMLPurifier_Config
  85. {
  86. $config = $this->getBaseConfig();
  88. $allowedElements = [];
  89. $allowedAttributes = [];
  91. foreach ($options as $element => $attributes) {
  92. if ($element !== '*') {
  93. $allowedElements[] = $element;
  94. }
  96. foreach ($attributes as $attr) {
  97. $allowedAttributes[] = $element === '*' ? $attr : "{$element}.{$attr}";
  98. }
  99. }
  101. if (!$override) {
  102. $sets = $this->fieldSets[$field]['sets'] ?? ['basic'];
  104. foreach ($sets as $set) {
  105. if (isset($this->sets[$set]['tags'])) {
  106. $allowedElements = array_merge($allowedElements, $this->sets[$set]['tags']);
  107. }
  108. if (isset($this->sets[$set]['attributes'])) {
  109. $allowedAttributes = array_merge($allowedAttributes, $this->sets[$set]['attributes']);
  110. }
  111. if (isset($this->sets[$set]['options'])) {
  112. foreach ($this->sets[$set]['options'] as $key => $value) {
  113. $config->set($key, $value);
  114. }
  115. }
  116. }
  117. }
  119. $config->set('HTML.AllowedElements', $allowedElements);
  120. $config->set('HTML.AllowedAttributes', $allowedAttributes);
  122. return $config;
  123. }
  124. }