Merge pull request #216 from lara-zeus/fix-content

atmonshi · web-flow · commit 5d684552eb87 · 2024-10-06T19:15:22.000+03:00
Fix content
diff --git a/composer.lock b/composer.lock
diff --git a/src/Editors/MarkdownEditor.php b/src/Editors/MarkdownEditor.php
@@ -22,7 +22,11 @@ public static function component(): Component
     public static function render(string $content): string
     {
         if (class_exists(MarkdownEditorAlias::class)) {
-            return str($content)->markdown();
+            return (new \Illuminate\Support\HtmlString(
+                str(strip_tags($content))
+                    ->replace(['prompt(', 'eval(', '&lt;script', '<script'], '')
+                    ->markdown()
+            ))->toHtml();
         }
 
         return $content;
diff --git a/src/Editors/RichEditor.php b/src/Editors/RichEditor.php
@@ -21,6 +21,8 @@ public static function component(): Component
 
     public static function render(string $content): string
     {
-        return html_entity_decode($content);
+        return
+            str(html_entity_decode($content))
+                ->replace(['prompt(', 'eval(', '&lt;script', '<script'], '');
     }
 }
diff --git a/src/Editors/TinyEditor.php b/src/Editors/TinyEditor.php
@@ -24,7 +24,8 @@ public static function component(): Component
     public static function render(string $content): string
     {
         if (class_exists(TinyEditorAlias::class)) {
-            return html_entity_decode($content);
+            return str(html_entity_decode($content))
+                ->replace(['prompt(', 'eval(', '&lt;script', '<script'], '');
         }
 
         return $content;
diff --git a/src/Editors/TipTapEditor.php b/src/Editors/TipTapEditor.php
@@ -26,7 +26,11 @@ public static function render(string $content): string
     {
         if (class_exists(\FilamentTiptapEditor\TiptapEditor::class)) {
             // @phpstan-ignore-next-line
-            return tiptap_converter()->asHTML($content);
+            return tiptap_converter()
+                ->asHTML(
+                    str(html_entity_decode($content))
+                        ->replace(['prompt(', 'eval(', '&lt;script', '<script'], '')
+                );
         }
 
         return $content;

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,11 @@ public static function component(): Component`
`22`	`22`	`public static function render(string $content): string`
`23`	`23`	`{`
`24`	`24`	`if (class_exists(MarkdownEditorAlias::class)) {`
`25`		`- return str($content)->markdown();`
	`25`	`+ return (new \Illuminate\Support\HtmlString(`
	`26`	`+ str(strip_tags($content))`
	`27`	`+ ->replace(['prompt(', 'eval(', '<script', '<script'], '')`
	`28`	`+ ->markdown()`
	`29`	`+ ))->toHtml();`
`26`	`30`	`}`
`27`	`31`
`28`	`32`	`return $content;`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ public static function component(): Component`
`21`	`21`
`22`	`22`	`public static function render(string $content): string`
`23`	`23`	`{`
`24`		`- return html_entity_decode($content);`
	`24`	`+ return`
	`25`	`+ str(html_entity_decode($content))`
	`26`	`+ ->replace(['prompt(', 'eval(', '<script', '<script'], '');`
`25`	`27`	`}`
`26`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,8 @@ public static function component(): Component`
`24`	`24`	`public static function render(string $content): string`
`25`	`25`	`{`
`26`	`26`	`if (class_exists(TinyEditorAlias::class)) {`
`27`		`- return html_entity_decode($content);`
	`27`	`+ return str(html_entity_decode($content))`
	`28`	`+ ->replace(['prompt(', 'eval(', '<script', '<script'], '');`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`return $content;`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,11 @@ public static function render(string $content): string`
`26`	`26`	`{`
`27`	`27`	`if (class_exists(\FilamentTiptapEditor\TiptapEditor::class)) {`
`28`	`28`	`// @phpstan-ignore-next-line`
`29`		`- return tiptap_converter()->asHTML($content);`
	`29`	`+ return tiptap_converter()`
	`30`	`+ ->asHTML(`
	`31`	`+ str(html_entity_decode($content))`
	`32`	`+ ->replace(['prompt(', 'eval(', '<script', '<script'], '')`
	`33`	`+ );`
`30`	`34`	`}`
`31`	`35`
`32`	`36`	`return $content;`