7802 Filter script tags from HTML of CMS pages during indexing

avstudnitz · avstudnitz · commit eac7ca35a4f5 · 2018-05-28T09:28:26.000+02:00
The tags themselves have been removed before, but not there content.
diff --git a/src/app/code/community/IntegerNet/Solr/Model/Bridge/Page.php b/src/app/code/community/IntegerNet/Solr/Model/Bridge/Page.php
@@ -59,14 +59,14 @@ public function getTitle()
     public function getContent()
     {
         if (is_null($this->_content)) {
-            $this->_content = Mage::helper('cms')->getPageTemplateProcessor()->filter($this->_page->getData('content'));
+            $this->_content = $this->filterHtml(Mage::helper('cms')->getPageTemplateProcessor()->filter($this->_page->getData('content')));
         }
         return $this->_content;
     }
 
     public function getAbstract()
     {
-        $content = trim(strip_tags(html_entity_decode(str_replace(array("\r", "\n", "\t"), ' ', $this->getContent()))));
+        $content = trim($this->filterHtml(html_entity_decode(str_replace(array("\r", "\n", "\t"), ' ', $this->getContent()))));
         if (strlen($content) > self::ABSTRACT_MAX_LENGTH) {
             $content = substr($content, 0, self::ABSTRACT_MAX_LENGTH) . '&hellip;';
         }
@@ -130,4 +130,16 @@ public function __call($method, $args)
     {
         return call_user_func_array(array($this->_page, $method), $args);
     }
+
+    /**
+     * Remove script tags (including its content) and other tags (keeping their content)
+     *
+     * @param string $html
+     * @return string
+     */
+    private function filterHtml($html)
+    {
+        $html = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html);
+        return strip_tags($html);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -59,14 +59,14 @@ public function getTitle()`
`59`	`59`	`public function getContent()`
`60`	`60`	`{`
`61`	`61`	`if (is_null($this->_content)) {`
`62`		`- $this->_content = Mage::helper('cms')->getPageTemplateProcessor()->filter($this->_page->getData('content'));`
	`62`	`+ $this->_content = $this->filterHtml(Mage::helper('cms')->getPageTemplateProcessor()->filter($this->_page->getData('content')));`
`63`	`63`	`}`
`64`	`64`	`return $this->_content;`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`public function getAbstract()`
`68`	`68`	`{`
`69`		`- $content = trim(strip_tags(html_entity_decode(str_replace(array("\r", "\n", "\t"), ' ', $this->getContent()))));`
	`69`	`+ $content = trim($this->filterHtml(html_entity_decode(str_replace(array("\r", "\n", "\t"), ' ', $this->getContent()))));`
`70`	`70`	`if (strlen($content) > self::ABSTRACT_MAX_LENGTH) {`
`71`	`71`	`$content = substr($content, 0, self::ABSTRACT_MAX_LENGTH) . '…';`
`72`	`72`	`}`
`@@ -130,4 +130,16 @@ public function __call($method, $args)`
`130`	`130`	`{`
`131`	`131`	`return call_user_func_array(array($this->_page, $method), $args);`
`132`	`132`	`}`
	`133`	`+`
	`134`	`+ /**`
	`135`	`+ * Remove script tags (including its content) and other tags (keeping their content)`
	`136`	`+ *`
	`137`	`+ * @param string $html`
	`138`	`+ * @return string`
	`139`	`+ */`
	`140`	`+ private function filterHtml($html)`
	`141`	`+ {`
	`142`	`+ $html = preg_replace('#<script(.?)>(.?)</script>#is', '', $html);`
	`143`	`+ return strip_tags($html);`
	`144`	`+ }`
`133`	`145`	`}`