HTML Sanitizer updates (#5736)

* Update HTML sanitizer package

* Remove unused sanitizer from apps

* Allow mailto: links

Fixes #5728.
This commit is contained in:
d11n 2024-02-21 20:53:24 +01:00 committed by GitHub
parent 354338180b
commit 147c6c4548
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 5 additions and 13 deletions


@ -31,7 +31,7 @@
<None Include="icon.png" Pack="true" PackagePath="\" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="HtmlSanitizer" Version="8.0.723" />
<PackageReference Include="HtmlSanitizer" Version="8.0.838" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.1" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.1" />
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.0" />


@ -317,10 +317,8 @@ namespace BTCPayServer.Hosting
services.TryAddTransient<DisplayFormatter>();
services.TryAddSingleton<Ganss.Xss.HtmlSanitizer>(o =>
{
var htmlSanitizer = new Ganss.Xss.HtmlSanitizer();
htmlSanitizer.RemovingAtRule += (sender, args) =>
{
};
@ -353,6 +351,7 @@ namespace BTCPayServer.Hosting
htmlSanitizer.AllowedTags.Remove("img");
htmlSanitizer.AllowedAttributes.Add("webkitallowfullscreen");
htmlSanitizer.AllowedAttributes.Add("allowfullscreen");
htmlSanitizer.AllowedSchemes.Add("mailto");
return htmlSanitizer;
});
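Review bot: The `AllowedSchemes.Add("mailto")` line carries no comment explaining what the new scheme exposes, and a reviewer reading the factory later will not know why `mailto` is safe to whitelist when `javascript:` and `data:` are not. HtmlSanitizer presumably applies AllowedSchemes to every URI-bearing attribute it checks (src as well as href), so the allowance is slightly broader than "links" even though a `mailto:` value in those positions is inert; what it does permit is an attacker-authored description that opens the visitor's mail client with a prefilled recipient, subject and body, which is a phishing surface rather than script execution, and that trade-off is the fix for #5728 and deserves to be written down. Suggest `// mailto: contact links are allowed (#5728); javascript:/data: stay blocked and attributes are still filtered, so this only exposes a prefilled mail draft.` directly above the `AllowedSchemes.Add("mailto")` line. Since this commit also drops the sanitizer injection from AppService, Crowdfund and PointOfSale as unused, it is worth confirming that every path rendering app descriptions still goes through this singleton at render time; the registering method starts outside the section shown here.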


@ -44,7 +44,6 @@ namespace BTCPayServer.Plugins.Crowdfund
private readonly IOptions<BTCPayServerOptions> _options;
private readonly DisplayFormatter _displayFormatter;
private readonly CurrencyNameTable _currencyNameTable;
private readonly HtmlSanitizer _htmlSanitizer;
private readonly InvoiceRepository _invoiceRepository;
public const string AppType = "Crowdfund";
@ -53,15 +52,13 @@ namespace BTCPayServer.Plugins.Crowdfund
IOptions<BTCPayServerOptions> options,
InvoiceRepository invoiceRepository,
DisplayFormatter displayFormatter,
CurrencyNameTable currencyNameTable,
HtmlSanitizer htmlSanitizer)
CurrencyNameTable currencyNameTable)
{
Description = Type = AppType;
_linkGenerator = linkGenerator;
_options = options;
_displayFormatter = displayFormatter;
_currencyNameTable = currencyNameTable;
_htmlSanitizer = htmlSanitizer;
_invoiceRepository = invoiceRepository;
}


@ -56,8 +56,7 @@ namespace BTCPayServer.Plugins.PointOfSale
public PointOfSaleAppType(
LinkGenerator linkGenerator,
IOptions<BTCPayServerOptions> btcPayServerOptions,
DisplayFormatter displayFormatter,
HtmlSanitizer htmlSanitizer)
DisplayFormatter displayFormatter)
{
Type = AppType;
Description = "Point of Sale";


@ -45,7 +45,6 @@ namespace BTCPayServer.Services.Apps
readonly CurrencyNameTable _Currencies;
private readonly DisplayFormatter _displayFormatter;
private readonly StoreRepository _storeRepository;
private readonly HtmlSanitizer _HtmlSanitizer;
public CurrencyNameTable Currencies => _Currencies;
public AppService(
@ -54,15 +53,13 @@ namespace BTCPayServer.Services.Apps
InvoiceRepository invoiceRepository,
CurrencyNameTable currencies,
DisplayFormatter displayFormatter,
StoreRepository storeRepository,
HtmlSanitizer htmlSanitizer)
StoreRepository storeRepository)
{
_appTypes = apps.ToDictionary(a => a.Type, a => a);
_ContextFactory = contextFactory;
_InvoiceRepository = invoiceRepository;
_Currencies = currencies;
_storeRepository = storeRepository;
_HtmlSanitizer = htmlSanitizer;
_displayFormatter = displayFormatter;
}
#nullable enable