Merge branch 'html-scrubber'

1 files changed, 17 insertions, 0 deletions

diff --git a/perllib/FixMyStreet/Template.pm b/perllib/FixMyStreet/Template.pm
index 84faeb562..afab83e41 100644
--- a/perllib/FixMyStreet/Template.pm
+++ b/perllib/FixMyStreet/Template.pm
@@ -6,6 +6,7 @@ use warnings;
 use FixMyStreet;
 use mySociety::Locale;
 use Attribute::Handlers;
+use HTML::Scrubber;
 use FixMyStreet::Template::SafeString;
 use FixMyStreet::Template::Context;
 use FixMyStreet::Template::Stash;
@@ -135,4 +136,20 @@ sub html_paragraph : Filter('html_para') {
     return FixMyStreet::Template::SafeString->new($text);
 }
 
+sub sanitize {
+    my $text = shift;
+
+    my %allowed_tags = map { $_ => 1 } qw( p ul ol li br b i strong em );
+    my $scrubber = HTML::Scrubber->new(
+        rules => [
+            %allowed_tags,
+            a => { href => qr{^(http|/|tel)}i, style => 1, target => qr/^_blank$/, title => 1 },
+            font => { color => 1 },
+            span => { style => 1 },
+        ]
+    );
+    $text = $scrubber->scrub($text);
+    return $text;
+}
+
 1;