From 3a35add87804ae2b1b108faf81962d8254254755 Mon Sep 17 00:00:00 2001 From: Arlen Johnson Date: Mon, 20 Jan 2025 16:09:40 -0500 Subject: [PATCH] Allow HTML in Message Template (CFM-390) --- app/composer.json | 3 +- app/composer.lock | 316 +++++++++- app/resources/locales/en_US/error.po | 6 + app/src/Lib/Traits/ValidationTrait.php | 57 +- app/src/Model/Table/MessageTemplatesTable.php | 2 +- app/vendor/cakephp-plugins.php | 1 - app/vendor/composer/ClassLoader.php | 96 ++-- app/vendor/composer/InstalledVersions.php | 17 +- app/vendor/composer/autoload_psr4.php | 7 +- app/vendor/composer/autoload_static.php | 36 +- app/vendor/composer/installed.json | 322 +++++++++++ app/vendor/composer/installed.php | 48 +- .../symfony/html-sanitizer/CHANGELOG.md | 17 + .../symfony/html-sanitizer/HtmlSanitizer.php | 140 +++++ .../html-sanitizer/HtmlSanitizerAction.php | 30 + .../html-sanitizer/HtmlSanitizerConfig.php | 544 ++++++++++++++++++ .../html-sanitizer/HtmlSanitizerInterface.php | 42 ++ app/vendor/symfony/html-sanitizer/LICENSE | 19 + .../Parser/MastermindsParser.php | 29 + .../html-sanitizer/Parser/ParserInterface.php | 27 + app/vendor/symfony/html-sanitizer/README.md | 115 ++++ .../html-sanitizer/Reference/W3CReference.php | 400 +++++++++++++ .../TextSanitizer/StringSanitizer.php | 82 +++ .../TextSanitizer/UrlSanitizer.php | 142 +++++ .../AttributeSanitizerInterface.php | 41 ++ .../UrlAttributeSanitizer.php | 53 ++ .../html-sanitizer/Visitor/DomVisitor.php | 188 ++++++ .../html-sanitizer/Visitor/Model/Cursor.php | 26 + .../Visitor/Node/BlockedNode.php | 45 ++ .../Visitor/Node/DocumentNode.php | 40 ++ .../html-sanitizer/Visitor/Node/Node.php | 121 ++++ .../Visitor/Node/NodeInterface.php | 37 ++ .../html-sanitizer/Visitor/Node/TextNode.php | 39 ++ .../symfony/html-sanitizer/composer.json | 31 + 34 files changed, 3012 insertions(+), 107 deletions(-) create mode 100644 app/vendor/symfony/html-sanitizer/CHANGELOG.md create mode 100644 app/vendor/symfony/html-sanitizer/HtmlSanitizer.php create mode 100644 app/vendor/symfony/html-sanitizer/HtmlSanitizerAction.php create mode 100644 app/vendor/symfony/html-sanitizer/HtmlSanitizerConfig.php create mode 100644 app/vendor/symfony/html-sanitizer/HtmlSanitizerInterface.php create mode 100644 app/vendor/symfony/html-sanitizer/LICENSE create mode 100644 app/vendor/symfony/html-sanitizer/Parser/MastermindsParser.php create mode 100644 app/vendor/symfony/html-sanitizer/Parser/ParserInterface.php create mode 100644 app/vendor/symfony/html-sanitizer/README.md create mode 100644 app/vendor/symfony/html-sanitizer/Reference/W3CReference.php create mode 100644 app/vendor/symfony/html-sanitizer/TextSanitizer/StringSanitizer.php create mode 100644 app/vendor/symfony/html-sanitizer/TextSanitizer/UrlSanitizer.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/AttributeSanitizer/AttributeSanitizerInterface.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/AttributeSanitizer/UrlAttributeSanitizer.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/DomVisitor.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Model/Cursor.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Node/BlockedNode.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Node/DocumentNode.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Node/Node.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Node/NodeInterface.php create mode 100644 app/vendor/symfony/html-sanitizer/Visitor/Node/TextNode.php create mode 100644 app/vendor/symfony/html-sanitizer/composer.json diff --git a/app/composer.json b/app/composer.json index dada08d3b..d9672ff81 100644 --- a/app/composer.json +++ b/app/composer.json @@ -12,7 +12,8 @@ "doctrine/dbal": "^3.3", "league/container": "^4.2.0", "mobiledetect/mobiledetectlib": "^2.8", - "psr/log": "^2.0" + "psr/log": "^2.0", + "symfony/html-sanitizer": "^7.2" }, "require-dev": { "cakephp/bake": "^2.6", diff --git a/app/composer.lock b/app/composer.lock index 5979febac..f383754fd 100644 --- a/app/composer.lock +++ b/app/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f2f99645ddd782396dd920df29d7e787", + "content-hash": "0db20fb981b4b8c8d1f6b017df5c777f", "packages": [ { "name": "cakephp/cakephp", @@ -952,6 +952,247 @@ ], "time": "2021-11-16T10:29:06+00:00" }, + { + "name": "league/uri", + "version": "7.5.1", + "source": { + "type": "git", + "url": "https://github.com/thephpleague/uri.git", + "reference": "81fb5145d2644324614cc532b28efd0215bda430" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430", + "reference": "81fb5145d2644324614cc532b28efd0215bda430", + "shasum": "" + }, + "require": { + "league/uri-interfaces": "^7.5", + "php": "^8.1" + }, + "conflict": { + "league/uri-schemes": "^1.0" + }, + "suggest": { + "ext-bcmath": "to improve IPV4 host parsing", + "ext-fileinfo": "to create Data URI from file contennts", + "ext-gmp": "to improve IPV4 host parsing", + "ext-intl": "to handle IDN host with the best performance", + "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain", + "league/uri-components": "Needed to easily manipulate URI objects components", + "php-64bit": "to improve IPV4 host parsing", + "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.x-dev" + } + }, + "autoload": { + "psr-4": { + "League\\Uri\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ignace Nyamagana Butera", + "email": "nyamsprod@gmail.com", + "homepage": "https://nyamsprod.com" + } + ], + "description": "URI manipulation library", + "homepage": "https://uri.thephpleague.com", + "keywords": [ + "data-uri", + "file-uri", + "ftp", + "hostname", + "http", + "https", + "middleware", + "parse_str", + "parse_url", + "psr-7", + "query-string", + "querystring", + "rfc3986", + "rfc3987", + "rfc6570", + "uri", + "uri-template", + "url", + "ws" + ], + "support": { + "docs": "https://uri.thephpleague.com", + "forum": "https://thephpleague.slack.com", + "issues": "https://github.com/thephpleague/uri-src/issues", + "source": "https://github.com/thephpleague/uri/tree/7.5.1" + }, + "funding": [ + { + "url": "https://github.com/sponsors/nyamsprod", + "type": "github" + } + ], + "time": "2024-12-08T08:40:02+00:00" + }, + { + "name": "league/uri-interfaces", + "version": "7.5.0", + "source": { + "type": "git", + "url": "https://github.com/thephpleague/uri-interfaces.git", + "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742", + "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742", + "shasum": "" + }, + "require": { + "ext-filter": "*", + "php": "^8.1", + "psr/http-factory": "^1", + "psr/http-message": "^1.1 || ^2.0" + }, + "suggest": { + "ext-bcmath": "to improve IPV4 host parsing", + "ext-gmp": "to improve IPV4 host parsing", + "ext-intl": "to handle IDN host with the best performance", + "php-64bit": "to improve IPV4 host parsing", + "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.x-dev" + } + }, + "autoload": { + "psr-4": { + "League\\Uri\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ignace Nyamagana Butera", + "email": "nyamsprod@gmail.com", + "homepage": "https://nyamsprod.com" + } + ], + "description": "Common interfaces and classes for URI representation and interaction", + "homepage": "https://uri.thephpleague.com", + "keywords": [ + "data-uri", + "file-uri", + "ftp", + "hostname", + "http", + "https", + "parse_str", + "parse_url", + "psr-7", + "query-string", + "querystring", + "rfc3986", + "rfc3987", + "rfc6570", + "uri", + "url", + "ws" + ], + "support": { + "docs": "https://uri.thephpleague.com", + "forum": "https://thephpleague.slack.com", + "issues": "https://github.com/thephpleague/uri-src/issues", + "source": "https://github.com/thephpleague/uri-interfaces/tree/7.5.0" + }, + "funding": [ + { + "url": "https://github.com/sponsors/nyamsprod", + "type": "github" + } + ], + "time": "2024-12-08T08:18:47+00:00" + }, + { + "name": "masterminds/html5", + "version": "2.9.0", + "source": { + "type": "git", + "url": "https://github.com/Masterminds/html5-php.git", + "reference": "f5ac2c0b0a2eefca70b2ce32a5809992227e75a6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/Masterminds/html5-php/zipball/f5ac2c0b0a2eefca70b2ce32a5809992227e75a6", + "reference": "f5ac2c0b0a2eefca70b2ce32a5809992227e75a6", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.8.35 || ^5.7.21 || ^6 || ^7 || ^8 || ^9" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.7-dev" + } + }, + "autoload": { + "psr-4": { + "Masterminds\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Matt Butcher", + "email": "technosophos@gmail.com" + }, + { + "name": "Matt Farina", + "email": "matt@mattfarina.com" + }, + { + "name": "Asmir Mustafic", + "email": "goetas@gmail.com" + } + ], + "description": "An HTML5 parser and serializer.", + "homepage": "http://masterminds.github.io/html5-php", + "keywords": [ + "HTML5", + "dom", + "html", + "parser", + "querypath", + "serializer", + "xml" + ], + "support": { + "issues": "https://github.com/Masterminds/html5-php/issues", + "source": "https://github.com/Masterminds/html5-php/tree/2.9.0" + }, + "time": "2024-03-31T07:05:07+00:00" + }, { "name": "mobiledetect/mobiledetectlib", "version": "2.8.45", @@ -1875,6 +2116,75 @@ ], "time": "2024-01-23T15:02:46+00:00" }, + { + "name": "symfony/html-sanitizer", + "version": "v7.2.2", + "source": { + "type": "git", + "url": "https://github.com/symfony/html-sanitizer.git", + "reference": "f6bc679b024e30f27e33815930a5b8b304c79813" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/html-sanitizer/zipball/f6bc679b024e30f27e33815930a5b8b304c79813", + "reference": "f6bc679b024e30f27e33815930a5b8b304c79813", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "league/uri": "^6.5|^7.0", + "masterminds/html5": "^2.7.2", + "php": ">=8.2" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\HtmlSanitizer\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Titouan Galopin", + "email": "galopintitouan@gmail.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM.", + "homepage": "https://symfony.com", + "keywords": [ + "Purifier", + "html", + "sanitizer" + ], + "support": { + "source": "https://github.com/symfony/html-sanitizer/tree/v7.2.2" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-12-30T18:35:15+00:00" + }, { "name": "symfony/polyfill-ctype", "version": "v1.29.0", @@ -6435,6 +6745,6 @@ "platform": { "php": ">=8.0" }, - "platform-dev": [], - "plugin-api-version": "2.3.0" + "platform-dev": {}, + "plugin-api-version": "2.6.0" } diff --git a/app/resources/locales/en_US/error.po b/app/resources/locales/en_US/error.po index 871a8b300..0e2a24829 100644 --- a/app/resources/locales/en_US/error.po +++ b/app/resources/locales/en_US/error.po @@ -190,9 +190,15 @@ msgstr "When this value is selected, {0} cannot be empty" msgid "input.invalid" msgstr "Invalid character found" +msgid "input.invalid.brackets" +msgstr "Invalid character found. Angle brackets ('<>') are disallowed." + msgid "input.invalid.email" msgstr "The provided value is not a valid email address" +msgid "input.invalid.html" +msgstr "HTML should be well-formed, and non-standard attributes,