Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-11-04 04:17:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5395 from beganovich/v5-0904-decode-html-on-frontend

Browse Source 
(v5) Switch decoding HTML from backend to Javascript
This commit is contained in:
Benjamin Beganović 2021-04-12 11:40:20 +01:00 committed by GitHub
commit c319dedf75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Services/PdfMaker/Designs/Utilities/DesignHelpers.php
View File

@ -209,8 +209,14 @@ trait DesignHelpers
$javascript = 'document.querySelectorAll("tbody > tr > td").forEach(t=>{if(""!==t.innerText){let e=t.getAttribute("data-ref").slice(0,-3);document.querySelector(`th[data-ref="${e}-th"]`).removeAttribute("hidden")}}),document.querySelectorAll("tbody > tr > td").forEach(t=>{let e=t.getAttribute("data-ref").slice(0,-3);(e=document.querySelector(`th[data-ref="${e}-th"]`)).hasAttribute("hidden")&&""==t.innerText&&t.setAttribute("hidden","true")});'; $javascript = 'document.querySelectorAll("tbody > tr > td").forEach(t=>{if(""!==t.innerText){let e=t.getAttribute("data-ref").slice(0,-3);document.querySelector(`th[data-ref="${e}-th"]`).removeAttribute("hidden")}}),document.querySelectorAll("tbody > tr > td").forEach(t=>{let e=t.getAttribute("data-ref").slice(0,-3);(e=document.querySelector(`th[data-ref="${e}-th"]`)).hasAttribute("hidden")&&""==t.innerText&&t.setAttribute("hidden","true")});';
// Previously we've been decoding the HTML on the backend and XML parsing isn't good options because it requires,
// strict & valid HTML to even output/decode. Decoding is now done on the frontend with this piece of Javascript.
$html_decode = 'document.querySelectorAll(`[data-state="encoded-html"]`).forEach((element) => element.innerHTML = element.innerText)';
return ['element' => 'div', 'elements' => [ return ['element' => 'div', 'elements' => [
['element' => 'script', 'content' => $javascript], ['element' => 'script', 'content' => $javascript],
['element' => 'script', 'content' => $html_decode],
]]; ]];
} }

17
app/Services/PdfMaker/PdfMakerUtilities.php
View File

@ -130,19 +130,14 @@ trait PdfMakerUtilities
} }
if ($contains_html) { if ($contains_html) {
// Support for injecting direct HTML into elements. // If the element contains the HTML, we gonna display it as is. DOMDocument, is going to
// Example: Without documentFragment(): <b>Hello!</b> will result: &lt;b&gt;Hello!&lt;/b&gt; // encode it for us, preventing any errors on the backend due processing stage.
// With document fragment we can evaluate HTML directly. // Later, we decode this using Javascript so it looks like it's normal HTML being injected.
// To get all elements that need frontend decoding, we use 'data-ref' property.
$_child = $this->document->createElement($child['element'], ''); $_child = $this->document->createElement($child['element'], '');
$_child->setAttribute('data-state', 'encoded-html');
$fragment = $this->document->createDocumentFragment(); $_child->nodeValue = htmlspecialchars($child['content']);
$fragment->appendXML(
strtr($child['content'], ['&' => '&amp;'])
);
$_child->appendChild($fragment);
} else { } else {
// .. in case string doesn't contain any HTML, we'll just return // .. in case string doesn't contain any HTML, we'll just return
// raw $content. // raw $content.