Comments: Added HTML filter on load, tinymce elem filtering
[bookstack] / app / Activity / Models / Comment.php
index bcbed6c56f03d7fd3dfe753b395c9dc6d2fc5d5e..038788afb9d82f2fcff309c0ad3f12dede873a3e 100644 (file)
@@ -4,6 +4,7 @@ namespace BookStack\Activity\Models;
 
 use BookStack\App\Model;
 use BookStack\Users\Models\HasCreatorAndUpdater;
+use BookStack\Util\HtmlContentFilter;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\MorphTo;
@@ -12,10 +13,12 @@ use Illuminate\Database\Eloquent\Relations\MorphTo;
  * @property int      $id
  * @property string   $text
  * @property string   $html
- * @property int|null $parent_id
+ * @property int|null $parent_id  - Relates to local_id, not id
  * @property int      $local_id
  * @property string   $entity_type
  * @property int      $entity_id
+ * @property int      $created_by
+ * @property int      $updated_by
  */
 class Comment extends Model implements Loggable
 {
@@ -38,7 +41,9 @@ class Comment extends Model implements Loggable
      */
     public function parent(): BelongsTo
     {
-        return $this->belongsTo(Comment::class);
+        return $this->belongsTo(Comment::class, 'parent_id', 'local_id', 'parent')
+            ->where('entity_type', '=', $this->entity_type)
+            ->where('entity_id', '=', $this->entity_id);
     }
 
     /**
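Review bot: The two `where()` constraints in `parent()` read `$this->entity_type` and `$this->entity_id` at the moment the relation is built, so they are only correct when the relation is resolved lazily on an already-hydrated comment. As far as I know, Eloquent builds eager-loaded relations (`with('parent')`, `load('parent')`) from an empty model instance where both values are null, so the scoping would match nothing or be lost. That matters because `local_id` is presumably unique only within one entity, and an unscoped match could resolve to a comment that belongs to a different page or book. I would state the restriction on the method, e.g. `// Lazy-load only: scoping uses this instance's entity_type/entity_id, local_id is not unique across entities.`, and check that no caller eager-loads it. The docblock for `parent()` starts above this hunk.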
@@ -69,4 +74,9 @@ class Comment extends Model implements Loggable
     {
         return "Comment #{$this->local_id} (ID: {$this->id}) for {$this->entity_type} (ID: {$this->entity_id})";
     }
+
+    public function safeHtml(): string
+    {
+        return HtmlContentFilter::removeScriptsFromHtmlString($this->html ?? '');
+    }
 }
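Review bot: `safeHtml()` has no docblock, and nothing steers callers away from the raw `$html` property, which stays readable on the model, so any view that prints `$comment->html` unescaped still bypasses the filter. I would add a docblock such as `/** Get the comment HTML with script content removed; use this instead of $html wherever the value is output unescaped. */` and confirm that every render path was switched over, which cannot be seen from this file. Judging only by its name, `removeScriptsFromHtmlString` strips known-dangerous content rather than allow-listing markup, so it is best treated as a second layer behind filtering at save time rather than as the only control.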