Bugfix

Author: JulianPrieber

app/Http/Controllers/UserController.php

@@ -14,6 +14,7 @@
 use DB;
 use ZipArchive;
 use File;
+use DOMDocument;
 
 use App\Models\User;
 use App\Models\Button;
@@ -720,8 +721,34 @@ public function editPage(request $request)
 
         $profilePhoto = $request->file('image');
         $pageName = $request->littlelink_name;
-        $pageDescription = strip_tags($request->pageDescription,'<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
-        $pageDescription = preg_replace("/<a([^>]*)>/i", "<a $1 rel=\"noopener noreferrer nofollow\">", $pageDescription);
+        $pageDescription = $request->pageDescription;
+
+        // Strip HTML tags except for allowed tags
+        $pageDescription = strip_tags($pageDescription, '<a><p><strong><i><ul><ol><li><blockquote><h2><h3><h4>');
+        
+        // Sanitize attributes and remove JavaScript code
+        if (!empty($pageDescription)) {
+            $document = new DOMDocument();
+            $document->loadHTML($pageDescription, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
+        
+            // Find all elements that have attributes
+            $elements = $document->getElementsByTagName('*');
+            foreach ($elements as $element) {
+                // Check each attribute of the element
+                foreach ($element->attributes as $attribute) {
+                    $attributeName = $attribute->nodeName;
+        
+                    // Remove attributes that contain "on" followed by an event name
+                    if (strpos($attributeName, 'on') === 0) {
+                        $element->removeAttribute($attributeName);
+                    }
+                }
+            }
+        
+            // Get the sanitized HTML back
+            $pageDescription = $document->saveHTML();
+        }
+
         $name = $request->name;
         $checkmark = $request->checkmark;
         $sharebtn = $request->sharebtn;