Bug 38488: Add Template::Toolkit filter for C4::Scrubber
This change adds a Template::Toolkit filter which is invoked via " | scrub_html type => 'note' ". Test plan: 0. Apply the patch 1. prove t/Koha/Plugins/HtmlScrubber.t Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
parent
4f294dec5f
commit
31ff6b69df
GPG key ID:
0EF6E2C03357A834
2 changed files with 136 additions and 0 deletions
77
Koha/Template/Plugin/HtmlScrubber.pm
Normal file
77
Koha/Template/Plugin/HtmlScrubber.pm
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
package Koha::Template::Plugin::HtmlScrubber;
|
||||
|
||||
# This file is part of Koha.
|
||||
#
|
||||
# Koha is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Koha is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
||||
|
||||
use Modern::Perl;
|
||||
use base 'Template::Plugin::Filter';
|
||||
|
||||
use C4::Scrubber;
|
||||
|
||||
sub init {
|
||||
my $self = shift;
|
||||
my $name = 'scrub_html';
|
||||
$self->{_DYNAMIC} = 1;
|
||||
$self->install_filter($name);
|
||||
$self->{cached_filters} = {};
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub filter {
|
||||
my ( $self, $text, $args, $config ) = @_;
|
||||
my $type = $config->{type} || 'default';
|
||||
if ($type) {
|
||||
if ( !$self->{cached_filters}->{$type} ) {
|
||||
my $new_scrubber = C4::Scrubber->new($type);
|
||||
if ($new_scrubber) {
|
||||
$self->{cached_filters}->{$type} = $new_scrubber;
|
||||
}
|
||||
}
|
||||
my $scrubber = $self->{cached_filters}->{$type};
|
||||
if ($scrubber) {
|
||||
my $scrubbed = $scrubber->scrub($text);
|
||||
return $scrubbed;
|
||||
}
|
||||
}
|
||||
|
||||
#NOTE: If you don't have a scrubber, just return what was passed in
|
||||
return $text;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Koha::Template::Plugin::HtmlScrubber - TT plugin for scrubbing HTML to limited elements and attributes
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
[% USE HtmlScrubber %]
|
||||
|
||||
[% content.note | scrub_html type => 'note' %]
|
||||
|
||||
This filter scrubs HTML using profiles predefined in C4::Scrubber
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
=head2 init
|
||||
|
||||
This method installs the filter name and declares it as a dynamic filter
|
||||
|
||||
=head2 filter
|
||||
|
||||
Returns a scrubbed version of HTML content
|
||||
|
||||
=cut
|
||||
59
t/Koha/Plugins/HtmlScrubber.t
Executable file
59
t/Koha/Plugins/HtmlScrubber.t
Executable file
|
|
@ -0,0 +1,59 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# This file is part of Koha.
|
||||
#
|
||||
# Koha is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Koha is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
||||
|
||||
use Modern::Perl;
|
||||
|
||||
use Test::More tests => 2;
|
||||
use Template;
|
||||
|
||||
subtest 'test scrubbing using default scrubber' => sub {
|
||||
plan tests => 1;
|
||||
my $template = Template->new(
|
||||
{
|
||||
PLUGIN_BASE => 'Koha::Template::Plugin',
|
||||
}
|
||||
);
|
||||
|
||||
my $tt = <<EOF;
|
||||
[%- USE HtmlScrubber %]
|
||||
[%- '<script>alert("boo!")</script><p>Hello!</p>' | scrub_html -%]
|
||||
[%- '<div id="stuff">Hello!</div>' | scrub_html -%]
|
||||
EOF
|
||||
|
||||
my $output;
|
||||
$template->process( \$tt, {}, \$output );
|
||||
is( $output, 'Hello!Hello!', 'Default scrubber removes all HTML' );
|
||||
};
|
||||
|
||||
subtest 'test scrubbing using "note" type' => sub {
|
||||
plan tests => 1;
|
||||
my $template = Template->new(
|
||||
{
|
||||
PLUGIN_BASE => 'Koha::Template::Plugin',
|
||||
}
|
||||
);
|
||||
|
||||
my $tt = <<EOF;
|
||||
[%- USE HtmlScrubber %]
|
||||
[%- '<script>alert("boo!")</script><p>Hello!</p>' | scrub_html type => 'note' -%]
|
||||
[%- '<div id="stuff">Hello!</div>' | scrub_html type => 'note' -%]
|
||||
EOF
|
||||
|
||||
my $output;
|
||||
$template->process( \$tt, {}, \$output );
|
||||
is( $output, '<p>Hello!</p><div>Hello!</div>', '<script> element and "id" attribute stripped out' );
|
||||
};
|
||||
Loading…
Reference in a new issue