Sanitize browse categories HTML output

2026-04-25 08:12:46 +02:00
parent a0b903f09d
commit 157c6d49e8
2 changed files with 35 additions and 3 deletions
--- a/resources/views/browse-categories.blade.php
+++ b/resources/views/browse-categories.blade.php
@@ -7,6 +7,10 @@
@extends('layouts.nova')

@section('content')
+    @php
+        $sanitizeHtml = fn (?string $value) => \App\Services\ContentSanitizer::sanitizeRenderedHtml($value ?? '');
+    @endphp
+
    <div class="effect2">
        <div class="page-heading">
            <h1 class="page-header">Browse Categories</h1>
@@ -24,7 +28,7 @@
                <h2 class="panel-title">{{ $ct->name }}</h2>
            </div>
            <div class="panel-body">
-                <p>{!! $ct->description ?? '' !!}</p>
+                <p>{!! $sanitizeHtml($ct->description) !!}</p>

                @php
                    $roots = $categoriesByType[$ct->slug] ?? $ct->rootCategories ?? collect();
@@ -37,7 +41,7 @@
                        @foreach ($roots as $category)
                            <li style="display:block;margin-bottom:8px;">
                                <h4>{{ $category->name }}</h4>
-                                <p>{!! $category->description !!}</p>
+                                <p>{!! $sanitizeHtml($category->description) !!}</p>
                                <ul style="list-style:none;padding:0;margin:0;">
                                    @foreach ($category->subcategories as $subcategory)
                                        @php
@@ -47,7 +51,7 @@
                                        @endphp
                                        <li style="width:19%;display:inline-block;vertical-align:top;">
                                            <img src="/gfx/icons/{{ $picture }}" width="15" height="15" alt="{{ $subcategoryName }}" />
-                                            <a href="{{ $subcategoryUrl }}" title="{{ $subcategoryName }}">{!! $subcategoryName !!}</a>
+                                            <a href="{{ $subcategoryUrl }}" title="{{ $subcategoryName }}">{{ $subcategoryName }}</a>
                                        </li>
                                    @endforeach
                                </ul>