Commit 9289ab1

Mark Baker

authored

Replace anti-xss with html purifier (#1751)

* Replace voku/anti-xss with ezyang/htmlpurifier. Despite anti-xss being a smaller footprint dependency, an a better license fit with our MIT license, there are issues with it's automatic it sanitisation of global variables causing side effects * Additional unit tests for xss in html writer cell comments

1 parent 957cb62 commit 9289ab1Copy full SHA for 9289ab1

4 files changed

+354

-578

lines changed

composer.json
composer.lock
src/PhpSpreadsheet/Writer
- Html.php
tests/PhpSpreadsheetTests/Writer/Html
- XssVulnerabilityTest.php

4 files changed

+354

-578

lines changed

`‎composer.json`

+1-1

-Original file line number
+Diff line change
         "psr/simple-cache": "^1.0",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
 -        "voku/anti-xss": "^4.1"
 +        "ezyang/htmlpurifier": "^4.13"
     },
     "require-dev": {
         "dompdf/dompdf": "^0.8.5",

Comments

(0)