From 5f6f6f693d301ae867618f08c247316d55444609 Mon Sep 17 00:00:00 2001
From: Miguel N
Date: Fri, 29 Jan 2021 17:20:28 +0000
Subject: [PATCH] Remove linebreak processing This approach would allow users to directly use HTML in their responses. We'd need to purify HTML on the way out to only allow
, otherwise, there'd be XSS concerns. Rendering as Markdown and letting users know they can use it is a better approach in the long run.
---
 app/Http/Controllers/ApplicationController.php | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/app/Http/Controllers/ApplicationController.php b/app/Http/Controllers/ApplicationController.php
index 3537a27..d7400b9 100755
--- a/app/Http/Controllers/ApplicationController.php
+++ b/app/Http/Controllers/ApplicationController.php
@@ -36,20 +36,7 @@ use Illuminate\Support\Facades\Log; class ApplicationController extends Controller { - private function processOSLinebreaks(array $structuredResponses) - { - $processedResponses = $structuredResponses; - foreach ($structuredResponses as $field) - { - foreach($field as $fieldKey => $fieldData) - { - $originalResponse = $fieldData['response']; - $processedResponses['responses'][$fieldKey]['response'] = str_replace(["\r\n", "\r", "\n"], "
", $$ } - // We can't use nl2br because it preserves the line breaks and doesn't include all line breaks used by othe$ } - - return $processedResponses; - } - + private function canVote($votes): bool { $allvotes = collect([]);
@@ -79,7 +66,7 @@ class ApplicationController extends Controller
 [
 'application' => $application,
 'comments' => $application->comments,
- 'structuredResponses' => $this->processOSLinebreaks(json_decode($application->response->responseData, true)),
+ 'structuredResponses' => json_decode($application->response->responseData, true),
 'formStructure' => $application->response->form,
 'vacancy' => $application->response->vacancy,
 'canVote' => $this->canVote($application->votes),
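Review bot: The `structuredResponses` value passed to the view is still applicant-supplied text, and this patch only changes the controller, so the XSS concern named in the commit message is closed only if the template prints each `response` with escaped output. The removed helper apparently injected line-break markup, which suggests the template rendered that field unescaped; it is not part of this diff, so please confirm it now uses `{{ }}` rather than `{!! !!}`. The new line also passes the `json_decode(...)` result on unchecked, and `json_decode` returns `null` for malformed or empty `responseData`; a fallback such as `json_decode($application->response->responseData, true) ?? []` would keep the view's input an array. The enclosing method starts and ends outside the hunk.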