/**
 * A link whose target uses the javascript: scheme must be rendered as a
 * bare <a> with no href attribute, while an https: link keeps its href.
 */
public function testDangerousLink()
{
    $parser = new MarkdownParser($this->filter);

    $safeHtml = $parser->parse('[click me!](https://example.com)');
    $this->assertEquals(
        '<p><a href="https://example.com">click me!</a></p>',
        trim($safeHtml)
    );

    $dangerousHtml = $parser->parse('[click me!](javascript:xx)');
    $this->assertEquals('<p><a>click me!</a></p>', trim($dangerousHtml));
}
/**
 * Modify the body of a discussion.
 *
 * The markdown is rendered to HTML, the visible text of that HTML is
 * screened by KeywordFilter, and both the raw markdown and the HTML are
 * stored on the Discussion document.
 *
 * Length validation is currently disabled (see the commented-out block
 * below). If it is re-enabled, the rule has to be applied to the value
 * with ->validate($markdown), as modifyContent() does with
 * Validator::int()->validate($uid); a bare Validator::length(...) call
 * yields a rule object, which is always truthy, so the check would never
 * fire.
 *
 * @param \MongoId $discussionId
 * @param string $markdown
 * @return array|null ['_id' => ..., 'html' => ...] when exactly one document
 *                    was updated, null otherwise
 * @throws InvalidArgumentException when $markdown is not a string or not valid UTF-8
 * @throws UserException when the rendered text contains a forbidden keyword
 */
public static function modifyDiscussion(\MongoId $discussionId, $markdown)
{
    if (!is_string($markdown)) {
        throw new InvalidArgumentException('markdown', 'type_invalid');
    }
    if (!mb_check_encoding($markdown, 'UTF-8')) {
        throw new InvalidArgumentException('markdown', 'encoding_invalid');
    }

    // Length check intentionally left disabled; see the docblock before re-enabling.
    //if (!Validator::length(VJ::COMMENT_MIN, VJ::COMMENT_MAX)) {
    //throw new UserException('CommentUtil.content_invalid_length');
    //}

    self::initParser();
    $html = self::$parser->parse($markdown);

    // Screen the visible text, not the markup, so tags cannot split a keyword.
    $keyword = KeywordFilter::isContainGeneric(strip_tags($html));
    if ($keyword !== false) {
        throw new UserException('CommentUtil.content_forbid', ['keyword' => $keyword]);
    }

    $update = ['$set' => ['raw' => $markdown, 'html' => $html]];
    $result = Application::coll('Discussion')->update(['_id' => $discussionId], $update);
    if ($result['n'] !== 1) {
        return null;
    }

    Application::emit('discussion.modify.succeeded', [$discussionId]);
    return ['_id' => $discussionId, 'html' => $html];
}
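/**
 * Modify a reply that belongs to a comment.
 *
 * Validates $ref and $markdown, renders the markdown to HTML, screens the
 * visible text with KeywordFilter, then updates the matching, non-deleted
 * reply inside the non-deleted Comment document identified by $commentId
 * and $ref.
 *
 * @param \MongoId $commentId
 * @param string $ref
 * @param \MongoId $replyId
 * @param string $markdown
 * @return array|null ['_id' => ..., 'html' => ...] when exactly one document
 *                    was updated, null otherwise
 * @throws InvalidArgumentException when $ref or $markdown is not a string or not valid UTF-8
 * @throws UserException when the content length is out of range or the
 *                       rendered text contains a forbidden keyword
 */
public static function modifyReply(\MongoId $commentId, $ref, \MongoId $replyId, $markdown)
{
    if (!is_string($ref)) {
        throw new InvalidArgumentException('ref', 'type_invalid');
    }
    if (!mb_check_encoding($ref, 'UTF-8')) {
        throw new InvalidArgumentException('ref', 'encoding_invalid');
    }
    if (!is_string($markdown)) {
        throw new InvalidArgumentException('markdown', 'type_invalid');
    }
    if (!mb_check_encoding($markdown, 'UTF-8')) {
        throw new InvalidArgumentException('markdown', 'encoding_invalid');
    }

    // The length rule must be applied to the value. Validator::length(...)
    // on its own returns a rule object, which is always truthy, so the
    // previous form `!Validator::length(...)` could never reject anything.
    if (!Validator::length(VJ::COMMENT_MIN, VJ::COMMENT_MAX)->validate($markdown)) {
        throw new UserException('CommentUtil.content_invalid_length');
    }

    self::initParser();
    $html = self::$parser->parse($markdown);

    // Screen the visible text, not the markup, so tags cannot split a keyword.
    $keyword = KeywordFilter::isContainGeneric(strip_tags($html));
    if ($keyword !== false) {
        throw new UserException('CommentUtil.content_forbid', ['keyword' => $keyword]);
    }

    // $elemMatch plus the positional `$` operator target the one reply that
    // matched, so only that reply's fields are rewritten.
    $criteria = [
        '_id' => $commentId,
        'ref' => $ref,
        'deleted' => false,
        'replies' => ['$elemMatch' => ['_id' => $replyId, 'deleted' => false]],
    ];
    $update = ['$set' => [
        'replies.$.raw' => $markdown,
        'replies.$.html' => $html,
        'replies.$.modifyat' => new \MongoDate(),
    ]];
    $result = Application::coll('Comment')->update($criteria, $update);

    if ($result['n'] !== 1) {
        return null;
    }

    Application::emit('comment.reply.modify.succeeded', [$ref, $commentId, $replyId]);
    return ['_id' => $replyId, 'html' => $html];
}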
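/**
 * Modify a problem's content and append the new version to its history.
 *
 * Validates $uid and $markdown, renders the markdown to HTML, screens the
 * visible text with KeywordFilter, then writes the new history entry and
 * the new raw/html in one update on the Problem document.
 *
 * @param \MongoId $pid
 * @param int|string $uid    must pass Validator::int(); stored as int in the history entry
 * @param string $markdown
 * @return bool true when exactly one Problem document was updated
 * @throws InvalidArgumentException when $uid is not an int or $markdown is
 *                                  not a string or not valid UTF-8
 * @throws UserException when the content length is out of range, the
 *                       rendered text contains a forbidden keyword, or the
 *                       problem does not exist
 */
public static function modifyContent(\MongoId $pid, $uid, $markdown)
{
    if (!Validator::int()->validate($uid)) {
        throw new InvalidArgumentException('uid', 'type_invalid');
    }
    if (!is_string($markdown)) {
        throw new InvalidArgumentException('markdown', 'type_invalid');
    }
    if (!mb_check_encoding($markdown, 'UTF-8')) {
        throw new InvalidArgumentException('markdown', 'encoding_invalid');
    }

    // The length rule must be applied to the value. Validator::length(...)
    // on its own returns a rule object, which is always truthy, so the
    // previous form `!Validator::length(...)` could never reject anything.
    if (!Validator::length(VJ::PROBLEM_CONTENT_MIN, VJ::PROBLEM_CONTENT_MAX)->validate($markdown)) {
        throw new UserException('ProblemUtil.content_invalid_length');
    }

    self::initParser();
    $html = self::$parser->parse($markdown);

    // Screen the visible text, not the markup, so tags cannot split a keyword.
    $keyword = KeywordFilter::isContainGeneric(strip_tags($html));
    if ($keyword !== false) {
        throw new UserException('ProblemUtil.content_forbid', ['keyword' => $keyword]);
    }

    // WARNING: the history is read, extended and written back without any
    // lock or version check, so two concurrent modifications of the same
    // problem can race and one history entry may be lost.
    $rec = Application::coll('Problem')->findOne(['_id' => $pid]);
    if ($rec === null) {
        throw new UserException('ProblemUtil.modifyContent.invalid_problem');
    }

    // The history entry records the *new* version being written.
    $history = self::decodeHistory($rec['history']);
    $history[] = ['owner' => (int) $uid, 'at' => new \MongoDate(), 'raw' => $markdown];

    // History and content go in a single $set so the document never carries
    // a new history entry without the matching raw/html (the original issued
    // two separate updates).
    $result = Application::coll('Problem')->update(
        ['_id' => $pid],
        ['$set' => [
            'history' => self::encodeHistory($history),
            'raw' => $markdown,
            'html' => $html,
        ]]
    );

    return $result['n'] === 1;
}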