From e7599d49b0ece7ceef3a4e8d334782cc3df98be8 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Tue, 11 Apr 2023 06:47:28 +0200
Subject: [PATCH] fix: cleanup content before sending it to the user

---
 phpmyfaq/faq.php                           |  2 ++
 phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php | 21 +++++++++++++++++++++
 tests/phpMyFAQ/Helper/FaqHelperTest.php    | 10 ++++++++++
 3 files changed, 33 insertions(+)

diff --git a/phpmyfaq/faq.php b/phpmyfaq/faq.php
index 578ae55a8e..bb7cf27b94 100644
--- a/phpmyfaq/faq.php
+++ b/phpmyfaq/faq.php
@@ -105,6 +105,8 @@
     $answer = $faqHelper->renderMarkupContent($faq->faqRecord['content']);
 }
 
+$answer = $faqHelper->cleanUpContent($answer);
+
 // Rewrite URL fragments
 $currentUrl = htmlspecialchars("//{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}", ENT_QUOTES, 'UTF-8');
 $answer = $faqHelper->rewriteUrlFragments($answer, $currentUrl);
diff --git a/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
index cd8dc505a8..c482b1a712 100644
--- a/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
+++ b/phpmyfaq/src/phpMyFAQ/Helper/FaqHelper.php
@@ -17,6 +17,7 @@
 
 namespace phpMyFAQ\Helper;
 
+use DOMDocument;
 use Exception;
 use ParsedownExtra;
 use phpMyFAQ\Category;
@@ -226,4 +227,24 @@ public function createFaqUrl(FaqEntity $faqEntity, int $categoryId): string
             $faqEntity->getLanguage()
         );
     }
+
+    /**
+     * Remove <script> tags, we don't need them
+     *
+     * @param string $content
+     * @return string
+     */
+    public function cleanUpContent(string $content): string
+    {
+        $document = new DOMDocument();
+        $document->loadHTML($content, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
+
+        $scriptTags = $document->getElementsByTagName('script');
+
+        for ($i = 0; $i < $scriptTags->length; $i++) {
+            $scriptTags->item($i)->parentNode->removeChild($scriptTags->item($i));
+        }
+
+        return preg_replace(['/\r/', '/\n/'], '', $document->saveHTML());
+    }
 }
diff --git a/tests/phpMyFAQ/Helper/FaqHelperTest.php b/tests/phpMyFAQ/Helper/FaqHelperTest.php
index fdce1ead65..ead622c621 100644
--- a/tests/phpMyFAQ/Helper/FaqHelperTest.php
+++ b/tests/phpMyFAQ/Helper/FaqHelperTest.php
@@ -59,4 +59,14 @@ public function testCreateFaqUrl(): void
             $this->faqHelper->createFaqUrl($faqEntity, 1)
         );
     }
+
+    public function testCleanUpContent(): void
+    {
+        $content = '<p>Some text <script>alert("Hello, world!");</script></p>';
+        $expectedOutput = '<p>Some text </p>';
+
+        $actualOutput = $this->faqHelper->cleanUpContent($content);
+
+        $this->assertEquals($expectedOutput, $actualOutput);
+    }
 }