gitmedia/presseportale
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
presseportale/app/Services/PressRelease/PressReleaseHtmlSanitizer.php
Kevin Adametz d2ba22c0cf
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
create PM v0.5
2026-05-20 19:14:39 +02:00

85 lines
2.4 KiB
PHP
Raw Blame History

<?php
namespace App\Services\PressRelease;
use Illuminate\Support\HtmlString;
use Mews\Purifier\Facades\Purifier;
/**
* Sanitizes press-release HTML coming out of the Flux/Tiptap editor.
*
* - On save: clean() strips everything outside the press_release allowlist.
* - On display: render() returns a safe HtmlString. Legacy plain-text content
* (PMs imported before Phase 7) is detected heuristically and wrapped in
* <p>/<br> so it renders consistently next to new HTML content.
*/
class PressReleaseHtmlSanitizer
{
private const string PURIFIER_PROFILE = 'press_release';
/**
* Sanitize HTML before persisting to the database.
*/
public function clean(?string $html): string
{
if ($html === null || trim($html) === '') {
return '';
}
return (string) Purifier::clean($html, self::PURIFIER_PROFILE);
}
/**
* Detect whether the stored text is already HTML (Phase 7+) or
* legacy plain text from older imports.
*/
public function isHtml(?string $text): bool
{
if ($text === null || $text === '') {
return false;
}
return (bool) preg_match('/<(p|br|h2|h3|strong|em|ul|ol|li|blockquote|a)\b[^>]*>/i', $text);
}
/**
* Produce a display-ready, safe HtmlString.
*/
public function render(?string $text): HtmlString
{
if ($text === null || trim($text) === '') {
return new HtmlString('');
}
if ($this->isHtml($text)) {
return new HtmlString($this->clean($text));
}
$escaped = e($text);
$withBreaks = nl2br($escaped, false);
$paragraphs = preg_split('/(?:<br\s*\/?>\s*){2,}/i', $withBreaks) ?: [$withBreaks];
$html = collect($paragraphs)
->map(fn (string $chunk): string => trim($chunk))
->filter()
->map(fn (string $chunk): string => '<p>'.$chunk.'</p>')
->implode('');
return new HtmlString($html);
}
/**
* Plain-text length for character counters (without HTML noise).
*/
public function plainTextLength(?string $text): int
{
if ($text === null || $text === '') {
return 0;
}
$stripped = strip_tags($text);
$decoded = html_entity_decode($stripped, ENT_QUOTES | ENT_HTML5, 'UTF-8');
return mb_strlen(trim((string) preg_replace('/\s+/u', ' ', $decoded)));
}
}
Reference in a new issue View git blame Copy permalink