BookStackApp
diff --git a/‎app/Entities/Tools/PageContent.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Entities/Tools/PageContent.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Theming/CustomHtmlHeadContentProvider.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Theming/CustomHtmlHeadContentProvider.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Util/ConfiguredHtmlPurifier.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Util/ConfiguredHtmlPurifier.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Util/CspService.php‎
Lines changed: 7 additions & 2 deletions b/‎app/Util/CspService.php‎
Lines changed: 7 additions & 2 deletions
@@ -339,7 +339,7 @@ protected function getContentCacheKey(string $html): string
     {
         $contentHash = md5($html);
         $contentId = $this->page->id;
-        $contentTime = $this->page->updated_at->timestamp;
+        $contentTime = $this->page->updated_at?->timestamp ?? time();
         $appVersion = AppVersion::get();
         return "page-content-cache::{$appVersion}::{$contentId}::{$contentTime}::{$contentHash}";
     }
 
@@ -41,7 +41,7 @@ public function forExport(): string
         $hash = md5($content);
 
         return $this->cache->remember('custom-head-export:' . $hash, 86400, function () use ($content) {
-            $config = new HtmlContentFilterConfig(filterOutNonContentElements: false);
+            $config = new HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false);
             return (new HtmlContentFilter($config))->filterString($content);
         });
     }
 
@@ -62,7 +62,7 @@ protected function setConfig(HTMLPurifier_Config $config): void
         $config->set('Attr.EnableID', true);
         $config->set('Attr.ID.HTML5', true);
         $config->set('Output.FixInnerHTML', false);
-        $config->set('URI.SafeIframeRegexp', '%^(http://|https://)%');
+        $config->set('URI.SafeIframeRegexp', '%^(http://|https://|//)%');
         $config->set('URI.AllowedSchemes', [
             'http' => true,
             'https' => true,
 
@@ -65,7 +65,7 @@ public function allowedIFrameHostsConfigured(): bool
      */
     protected function getScriptSrc(): string
     {
-        if (config('app.allow_content_scripts')) {
+        if ($this->scriptFilteringDisabled()) {
             return '';
         }
 
@@ -108,7 +108,7 @@ protected function getFrameSrc(): string
      */
     protected function getObjectSrc(): string
     {
-        if (config('app.allow_content_scripts')) {
+        if ($this->scriptFilteringDisabled()) {
             return '';
         }
 
@@ -124,6 +124,11 @@ protected function getBaseUri(): string
         return "base-uri 'self'";
     }
 
+    protected function scriptFilteringDisabled(): bool
+    {
+        return !HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))->filterOutJavaScript;
+    }
+
     protected function getAllowedIframeHosts(): array
     {
         $hosts = config('app.iframe_hosts') ?? '';
Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,7 @@ protected function getContentCacheKey(string $html): string`
`339`	`339`	`{`
`340`	`340`	`$contentHash = md5($html);`
`341`	`341`	`$contentId = $this->page->id;`
`342`		`- $contentTime = $this->page->updated_at->timestamp;`
	`342`	`+ $contentTime = $this->page->updated_at?->timestamp ?? time();`
`343`	`343`	`$appVersion = AppVersion::get();`
`344`	`344`	`return "page-content-cache::{$appVersion}::{$contentId}::{$contentTime}::{$contentHash}";`
`345`	`345`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function forExport(): string`
`41`	`41`	`$hash = md5($content);`
`42`	`42`
`43`	`43`	`return $this->cache->remember('custom-head-export:' . $hash, 86400, function () use ($content) {`
`44`		`- $config = new HtmlContentFilterConfig(filterOutNonContentElements: false);`
	`44`	`+ $config = new HtmlContentFilterConfig(filterOutNonContentElements: false, useAllowListFilter: false);`
`45`	`45`	`return (new HtmlContentFilter($config))->filterString($content);`
`46`	`46`	`});`
`47`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ public function allowedIFrameHostsConfigured(): bool`
`65`	`65`	`*/`
`66`	`66`	`protected function getScriptSrc(): string`
`67`	`67`	`{`
`68`		`- if (config('app.allow_content_scripts')) {`
	`68`	`+ if ($this->scriptFilteringDisabled()) {`
`69`	`69`	`return '';`
`70`	`70`	`}`
`71`	`71`
`@@ -108,7 +108,7 @@ protected function getFrameSrc(): string`
`108`	`108`	`*/`
`109`	`109`	`protected function getObjectSrc(): string`
`110`	`110`	`{`
`111`		`- if (config('app.allow_content_scripts')) {`
	`111`	`+ if ($this->scriptFilteringDisabled()) {`
`112`	`112`	`return '';`
`113`	`113`	`}`
`114`	`114`
`@@ -124,6 +124,11 @@ protected function getBaseUri(): string`
`124`	`124`	`return "base-uri 'self'";`
`125`	`125`	`}`
`126`	`126`
	`127`	`+ protected function scriptFilteringDisabled(): bool`
	`128`	`+ {`
	`129`	`+ return !HtmlContentFilterConfig::fromConfigString(config('app.content_filtering'))->filterOutJavaScript;`
	`130`	`+ }`
	`131`	`+`
`127`	`132`	`protected function getAllowedIframeHosts(): array`
`128`	`133`	`{`
`129`	`134`	`$hosts = config('app.iframe_hosts') ?? '';`