Allow disabling EL / show sanitization

Author: aguingand

resources/js/entity-list/components/EntityList.vue

@@ -783,7 +783,7 @@
                                                             <template v-if="field.html && typeof item[field.key] === 'string'">
                                                                 <Content class="break-words [&_a]:relative [&_a]:z-10"
                                                                     :class="{ '[&_a]:pointer-events-none': selecting || reordering }"
-                                                                    :html="sanitize(item[field.key])"
+                                                                    :html="field.sanitize ? sanitize(item[field.key]) : item[field.key]"
                                                                 />
                                                             </template>
                                                             <template v-else>

resources/js/show/components/fields/text/Text.vue

@@ -10,6 +10,7 @@
     import { useParentShow } from "@/show/useParentShow";
     import { ContentUploadManager } from "@/content/ContentUploadManager";
     import { Button } from "@/components/ui/button";
+    import { sanitize } from "@/utils/sanitize";
 
     const props = defineProps<ShowFieldProps<ShowTextFieldData>>();
 
@@ -74,7 +75,7 @@
         <template v-if="currentContent && field.html">
             <TextRenderer
                 class="content content-sm text-sm [:where(&)_:where(h1,h2,h3)]:text-foreground/75"
-                :content="currentContent"
+                :content="field.sanitize ? sanitize(currentContent) : currentContent"
                 :field="field"
             />
         </template>

resources/js/show/components/fields/text/TextRenderer.vue

@@ -5,7 +5,6 @@
     import { ShowTextFieldData } from "@/types";
     import Embed from "@/show/components/fields/text/nodes/Embed.vue";
     import { components } from '@/components/TemplateRenderer.vue';
-    import { sanitize } from "@/utils/sanitize";
 
     const props = defineProps<{
         field: ShowTextFieldData,
@@ -14,7 +13,7 @@
 
     const formattedContent = computed(() => {
         const dom = document.createElement('template');
-        dom.innerHTML = sanitize(props.content);
+        dom.innerHTML = props.content;
         dom.content.querySelectorAll('[data-html-content]').forEach(htmlNode => {
             const component = document.createElement('html-content');
             component.setAttribute('content', htmlNode.innerHTML.trim());

resources/js/types/generated.d.ts

@@ -184,6 +184,7 @@ export type EntityListFieldData = {
   width: string | null;
   hideOnXS: boolean;
   html: boolean | null;
+  sanitize: boolean | null;
   tooltip: string | null;
 };
 export type EntityListItemMeta = {
@@ -881,6 +882,7 @@ export type ShowTextFieldData = {
   type: "text";
   emptyVisible: boolean;
   html: boolean;
+  sanitize: boolean;
   localized: boolean | null;
   collapseToWordCount: number | null;
   embeds: { [key: string]: EmbedData } | null;

src/Data/EntityList/EntityListFieldData.php

@@ -19,6 +19,7 @@ public function __construct(
         public ?string $width,
         public bool $hideOnXS,
         public ?bool $html = null,
+        public ?bool $sanitize = null,
         public ?string $tooltip = null,
     ) {}
 }

src/Data/Show/Fields/ShowTextFieldData.php

@@ -24,6 +24,7 @@ public function __construct(
         public ShowFieldType $type,
         public bool $emptyVisible,
         public bool $html,
+        public bool $sanitize,
         public ?bool $localized = null,
         public ?int $collapseToWordCount = null,
         /** @var array<string, EmbedData> */

src/EntityList/Fields/EntityListField.php

@@ -2,17 +2,21 @@
 
 namespace Code16\Sharp\EntityList\Fields;
 
+use Code16\Sharp\Utils\Sanitization\IsSharpFieldWithHtmlSanitization;
+use Code16\Sharp\Utils\Sanitization\SharpFieldWithHtmlSanitization;
 use Illuminate\Contracts\Support\Arrayable;
 
-class EntityListField implements Arrayable, IsEntityListField
+class EntityListField implements Arrayable, IsEntityListField, IsSharpFieldWithHtmlSanitization
 {
     use HasCommonEntityListFieldAttributes;
+    use SharpFieldWithHtmlSanitization;
 
     protected bool $html = true;
 
     private function __construct(string $key)
     {
         $this->key = $key;
+        $this->sanitize = true;
     }
 
     public static function make(string $key): self
@@ -51,6 +55,7 @@ public function toArray(): array
             'label' => $this->label,
             'sortable' => $this->sortable,
             'html' => $this->html,
+            'sanitize' => $this->sanitize,
             'width' => $this->width,
             'hideOnXS' => $this->hideOnXs,
         ];

src/Show/Fields/SharpShowTextField.php

@@ -2,15 +2,19 @@
 
 namespace Code16\Sharp\Show\Fields;
 
+use Code16\Sharp\Show\Fields\Formatters\SharpShowFieldFormatter;
 use Code16\Sharp\Show\Fields\Formatters\TextFormatter;
 use Code16\Sharp\Utils\Fields\IsSharpFieldWithEmbeds;
 use Code16\Sharp\Utils\Fields\IsSharpFieldWithLocalization;
 use Code16\Sharp\Utils\Fields\SharpFieldWithEmbeds;
 use Code16\Sharp\Utils\Fields\SharpFieldWithLocalization;
+use Code16\Sharp\Utils\Sanitization\IsSharpFieldWithHtmlSanitization;
+use Code16\Sharp\Utils\Sanitization\SharpFieldWithHtmlSanitization;
 
-class SharpShowTextField extends SharpShowField implements IsSharpFieldWithEmbeds, IsSharpFieldWithLocalization
+class SharpShowTextField extends SharpShowField implements IsSharpFieldWithEmbeds, IsSharpFieldWithHtmlSanitization, IsSharpFieldWithLocalization
 {
     use SharpFieldWithEmbeds;
+    use SharpFieldWithHtmlSanitization;
     use SharpFieldWithLocalization;
 
     const FIELD_TYPE = 'text';
@@ -19,6 +23,12 @@ class SharpShowTextField extends SharpShowField implements IsSharpFieldWithEmbed
     protected ?int $collapseToWordCount = null;
     protected bool $html = true;
 
+    protected function __construct(string $key, string $type, ?SharpShowFieldFormatter $formatter = null)
+    {
+        parent::__construct($key, $type, $formatter);
+        $this->sanitize = true;
+    }
+
     public static function make(string $key): SharpShowTextField
     {
         return new static($key, static::FIELD_TYPE, new TextFormatter());
@@ -57,6 +67,7 @@ public function toArray(): array
         return parent::buildArray([
             'label' => $this->label,
             'html' => $this->html,
+            'sanitize' => $this->sanitize,
             'collapseToWordCount' => $this->collapseToWordCount,
             'localized' => $this->localized,
             'embeds' => $this->innerComponentEmbedsConfiguration(false) ?: null,

src/Utils/Sanitization/SharpFieldWithHtmlSanitization.php

@@ -13,6 +13,9 @@ public function shouldSanitizeHtml(bool $sanitize = true): self
         return $this;
     }
 
+    /**
+     * @internal
+     */
     public function isSanitizingHtml(): bool
     {
         return $this->sanitize;