Stand: SMTP-Test, Admin-Mail-Tab, Notifiable-Fix, Lazy-Quill

- Fix: Notifiable-Trait zum User-Model hinzugefuegt (behebt notify()-500er) - Installer: SMTP-Verbindungstest mit EsmtpTransport + Ueberspringen-Link - Admin: Neuer E-Mail-Tab mit SMTP-Konfiguration + Verbindungstest - Admin: Lazy Quill-Initialisierung (nur sichtbare Locale wird geladen) - Uebersetzungen: 17 neue Mail-Keys in allen 6 Sprachen Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 07:30:37 +01:00
commit 2e24a40d68
9633 changed files with 1300799 additions and 0 deletions
--- a/app/Services/HtmlSanitizerService.php
+++ b/app/Services/HtmlSanitizerService.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Services;
+
+use HTMLPurifier;
+use HTMLPurifier_Config;
+
+class HtmlSanitizerService
+{
+    private HTMLPurifier $purifier;
+
+    public function __construct()
+    {
+        $config = HTMLPurifier_Config::createDefault();
+        $config->set('HTML.Allowed', 'p,br,strong,b,em,i,u,ul,ol,li,a[href|target],h2[id],h3[id],h4[id],blockquote,span[style]');
+        $config->set('CSS.AllowedProperties', 'color,background-color');
+        $config->set('HTML.TargetBlank', true);
+        $config->set('AutoFormat.RemoveEmpty', true);
+        // DOM-Clobbering-Schutz: IDs in User-Content prefixen (V18)
+        $config->set('Attr.IDPrefix', 'uc-');
+        $config->set('Cache.SerializerPath', storage_path('app/purifier'));
+
+        $this->purifier = new HTMLPurifier($config);
+    }
+
+    public function sanitize(string $dirtyHtml): string
+    {
+        return $this->purifier->purify($dirtyHtml);
+    }
+}