Index: src/include/lib/Garradin/Web/Render/Skriv.php ================================================================== --- src/include/lib/Garradin/Web/Render/Skriv.php +++ src/include/lib/Garradin/Web/Render/Skriv.php @@ -6,25 +6,28 @@ use Garradin\Plugin; use Garradin\UserTemplate\CommonModifiers; use KD2\SkrivLite; +use KD2\Garbage2xhtml; use const Garradin\{ADMIN_URL, WWW_URL}; class Skriv extends AbstractRender { protected $skriv; + protected $g2x; public function __construct(?File $file = null, ?string $user_prefix = null) { parent::__construct($file, $user_prefix); $this->skriv = new SkrivLite; $this->skriv->registerExtension('file', [$this, 'SkrivFile']); $this->skriv->registerExtension('fichier', [$this, 'SkrivFile']); $this->skriv->registerExtension('image', [$this, 'SkrivImage']); + $this->skriv->registerExtension('html', [$this, 'SkrivHTML']); // Enregistrer d'autres extensions éventuellement Plugin::fireSignal('skriv.init', ['skriv' => $this->skriv]); } @@ -123,8 +126,26 @@ } $out = sprintf('
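Review bot: The `html` extension is registered unconditionally in the constructor, so every text rendered through this class can now embed markup, and the sanitizer configured in SkrivHTML becomes the only barrier between authored content and the page. Who may author Skriv content is not visible in this diff; if any of it comes from less-trusted users, consider registering the extension only for trusted origins or behind a configuration flag, and say so in a comment next to the `registerExtension('html', ...)` call. As a smaller point, if the project's minimum PHP version allows typed properties, `protected ?Garbage2xhtml $g2x = null;` would make the lazy initialisation in SkrivHTML explicit.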
%s%s
', $align, $out, $caption); } + return $out; + } + + /** + * Callback utilisé pour l'extension <>: permet d'insérer du code HTML protégé contre le XSS + * (enfin, au max de ce qui est possible…) + */ + public function SkrivHTML(array $args, ?string $content, SkrivLite $skriv): string + { + if (null == $this->g2x) { + $this->g2x = new Garbage2xhtml; + $this->g2x->secure = true; + $this->g2x->enclose_text = false; + $this->g2x->auto_br = false; + } + + $out = $this->g2x->process($content); + return $out; } } Index: src/include/lib/dependencies.list ================================================================== --- src/include/lib/dependencies.list +++ src/include/lib/dependencies.list @@ -7,10 +7,11 @@ KD2/ErrorManager.php KD2/FileInfo.php KD2/Form.php KD2/FossilInstaller.php KD2/HTTP.php +KD2/Garbage2xhtml.php KD2/Graphics/Image.php KD2/Graphics/QRCode.php KD2/Graphics/SVG/Pie.php KD2/Graphics/SVG/Plot.php KD2/Graphics/SVG/Bar.php
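Review bot: `$content` is declared `?string` but SkrivHTML passes it straight to `process()`, so an `html` tag used without a body reaches the sanitizer as null; an early `if (null === $content || '' === $content) { return ''; }` avoids depending on how Garbage2xhtml treats that input. The lazy-init test `null == $this->g2x` should use strict comparison, `null === $this->g2x`. Because the docblock itself describes the XSS protection as best effort, a comment stating that `secure = true` is the only filter applied to this output, together with a regression test asserting that script elements, event-handler attributes and script-scheme URLs are removed, would make that guarantee checkable when the KD2 dependency is updated. The first added `return $out;` and `}` close a method whose body starts outside this hunk.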