- <?php
- namespace MailPoet\Newsletter;
- if (!defined('ABSPATH')) exit;
- use MailPoet\WP\Functions as WPFunctions;
/**
 * Filters newsletter HTML through wpKses() using a fixed tag/attribute
 * allow-list, while keeping MailPoet shortcodes used as link targets intact.
 */
class NewsletterHtmlSanitizer {
  /** @var WPFunctions */
  private $wp;

  /**
   * @var array
   * Allow-list of tags and attributes handed to wpKses() by sanitize().
   * It was written to cover the tags available in the form editor's
   * Rich Text component (blocks that may contain some html).
   *
   * Security-relevant properties of the list as written:
   *  - Only text-level, list, heading, blockquote and table tags appear;
   *    img, script, iframe and similar tags are not listed.
   *  - No on* event-handler attribute is listed for any tag.
   *  - `style` is accepted on most tags. What filtering is applied to the
   *    style value depends on wpKses(), which is not shown in this file.
   *    NOTE(review): confirm inline CSS is constrained there.
   *  - `a` accepts `target` but not `rel`, so a rel attribute is not part
   *    of the allow-list. NOTE(review): confirm this is intended for
   *    links that open a new browsing context.
   */
  private $allowedHtml = [
    'p' => ['class' => true, 'style' => true],
    'span' => ['class' => true, 'style' => true],
    'a' => [
      'href' => true,
      'class' => true,
      'title' => true,
      'target' => true,
      'style' => true,
    ],
    'h1' => ['class' => true, 'style' => true],
    'h2' => ['class' => true, 'style' => true],
    'h3' => ['class' => true, 'style' => true],
    'ol' => ['class' => true, 'style' => true],
    'ul' => ['class' => true, 'style' => true],
    'li' => ['class' => true, 'style' => true],
    'strong' => ['class' => true, 'style' => true],
    'em' => ['class' => true, 'style' => true],
    'strike' => [],
    'br' => [],
    'blockquote' => ['class' => true, 'style' => true],
    'table' => ['class' => true, 'style' => true],
    'tr' => ['class' => true, 'style' => true],
    'th' => ['class' => true, 'style' => true],
    'td' => ['class' => true, 'style' => true],
    'del' => [],
  ];

  /**
   * @param WPFunctions $wp Wrapper that provides wpKses().
   */
  public function __construct(
    WPFunctions $wp
  ) {
    $this->wp = $wp;
  }

  /**
   * Returns $html filtered through wpKses() with the allow-list above.
   *
   * wpKses breaks shortcodes used as link targets, so every `href="[` is
   * given an http:// prefix before filtering and the prefix is taken off
   * again afterwards.
   *
   * Caveats for callers and reviewers:
   *  - Only the exact sequence `href="[` is prefixed; a shortcode href
   *    written with single quotes or extra whitespace is not protected
   *    from wpKses.
   *  - The final replacement cannot tell its own prefix from an
   *    `href="http://[` that was already present in the input (an IPv6
   *    literal URL, for instance), so that href loses its scheme as well.
   *    NOTE(review): confirm whether this is relied upon or unintended.
   *  - A shortcode href is checked here only in its prefixed form. The URL
   *    it later expands to is not validated by this method and has to be
   *    validated where the shortcode is resolved.
   *
   * @param string $html Markup to sanitize.
   * @return string Sanitized markup.
   */
  public function sanitize(string $html): string {
    // Step 1: shield shortcode hrefs with an http:// prefix.
    $prefixed = str_replace('href="[', 'href="http://[', $html);
    // Step 2: apply the tag/attribute allow-list.
    $filtered = $this->wp->wpKses($prefixed, $this->allowedHtml);
    // Step 3: take the http:// prefix off again.
    return str_replace('href="http://[', 'href="[', $filtered);
  }
}