X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/756b55bbffedb6e5fde91f9fbc61f5a382f20705..refs/pull/5721/head:/app/Util/HtmlNonceApplicator.php
diff --git a/app/Util/HtmlNonceApplicator.php b/app/Util/HtmlNonceApplicator.php
index 07298577c..3a798e848 100644
--- a/app/Util/HtmlNonceApplicator.php
+++ b/app/Util/HtmlNonceApplicator.php
@@ -2,14 +2,12 @@
 namespace BookStack\Util;
-use DOMDocument;
 use DOMElement;
 use DOMNodeList;
-use DOMXPath;
 class HtmlNonceApplicator
 {
- protected static $placeholder = '[CSP_NONCE_VALUE]';
+ protected static string $placeholder = '[CSP_NONCE_VALUE]';
 /**
 * Prepare the given HTML content with nonce attributes including a placeholder
@@ -21,28 +19,20 @@ class HtmlNonceApplicator
 return $html;
 }
- $html = '' . $html . '';
- libxml_use_internal_errors(true);
- $doc = new DOMDocument();
- $doc->loadHTML($html, LIBXML_SCHEMA_CREATE);
- $xPath = new DOMXPath($doc);
+ // LIBXML_SCHEMA_CREATE was found to be required here otherwise
+ // the PHP DOMDocument handling will attempt to format/close
+ // HTML tags within scripts and therefore change JS content.
+ $doc = new HtmlDocument($html, LIBXML_SCHEMA_CREATE);
 // Apply to scripts
- $scriptElems = $xPath->query('//script');
+ $scriptElems = $doc->queryXPath('//script');
 static::addNonceAttributes($scriptElems, static::$placeholder);
 // Apply to styles
- $styleElems = $xPath->query('//style');
+ $styleElems = $doc->queryXPath('//style');
 static::addNonceAttributes($styleElems, static::$placeholder);
- $returnHtml = '';
- $topElems = $doc->documentElement->childNodes->item(0)->childNodes;
- foreach ($topElems as $child) {
- $content = $doc->saveHTML($child);
- $returnHtml .= $content;
- }
-
- return $returnHtml;
+ return $doc->getBodyInnerHtml();
 }
 /**
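Review bot: In the second hunk every `script` and `style` element found in `$html` is given the nonce placeholder, so any markup passed to this method is, presumably once the placeholder is swapped for the real nonce, allowed to run under the CSP; nothing in the visible lines or the docblock says the input must be trusted. I would state that in the docblock, e.g. `* Only call this with trusted HTML: each script/style element in it is nonce-allowed by the CSP.` The parsing details the removed lines handled (libxml error suppression, the wrapper added around `$html`, extraction of the body children) now sit in `HtmlDocument`, which is not shown here, so a regression test that script content containing tag-like strings comes back unchanged would pin what the new `LIBXML_SCHEMA_CREATE` comment describes. The method's signature is above the hunk.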