Move url sanitisation out of Element class

2023-08-10 21:13:06 +03:00 · 2019-02-10 17:24:00 +00:00
parent a681cf631c
commit 41fb6b0d43
4 changed files with 67 additions and 57 deletions
--- a/src/Components/Inlines/Image.php
+++ b/src/Components/Inlines/Image.php
@@ -8,6 +8,7 @@ use Erusev\Parsedown\Components\Inline;
 use Erusev\Parsedown\Configurables\SafeMode;
 use Erusev\Parsedown\Html\Renderables\Element;
 use Erusev\Parsedown\Html\Renderables\Text;
+use Erusev\Parsedown\Html\Sanitisation\UrlSanitiser;
 use Erusev\Parsedown\Parsedown;
 use Erusev\Parsedown\Parsing\Excerpt;
 use Erusev\Parsedown\State;
@@ -84,7 +85,7 @@ final class Image implements Inline
                }

                if ($State->get(SafeMode::class)->isEnabled()) {
-                    $attributes['src'] = Element::filterUnsafeUrl($attributes['src']);
+                    $attributes['src'] = UrlSanitiser::filter($attributes['src']);
                }

                return Element::selfClosing('img', $attributes);
--- a/src/Components/Inlines/Link.php
+++ b/src/Components/Inlines/Link.php
@@ -10,6 +10,7 @@ use Erusev\Parsedown\Configurables\InlineTypes;
 use Erusev\Parsedown\Configurables\SafeMode;
 use Erusev\Parsedown\Html\Renderables\Element;
 use Erusev\Parsedown\Html\Renderables\Text;
+use Erusev\Parsedown\Html\Sanitisation\UrlSanitiser;
 use Erusev\Parsedown\Parsedown;
 use Erusev\Parsedown\Parsing\Excerpt;
 use Erusev\Parsedown\State;
@@ -124,7 +125,7 @@ final class Link implements Inline
                }

                if ($State->get(SafeMode::class)->isEnabled()) {
-                    $attributes['href'] = Element::filterUnsafeUrl($attributes['href']);
+                    $attributes['href'] = UrlSanitiser::filter($attributes['href']);
                }

                $State = $State->setting(