From eaefc0b5a2fa9eda2c6f9645dc31a755f9d654a8 Mon Sep 17 00:00:00 2001
From: bernardhanna
Date: Wed, 10 Jun 2026 10:43:34 +0100
Subject: [PATCH] Allow HTML links in homepage slider descriptions from Nova.

Sanitize descriptions to permit safe anchor tags and style them with the site blue link treatment so editors can add inline links without extra buttons.

Co-authored-by: Cursor
---
 app/HomeSlide.php | 13 +++++++++++++
 app/Nova/HomeSlide.php | 2 +-
 config/purify.php | 12 ++++++++++++
 resources/views/static/home.blade.php | 4 ++--
 4 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/app/HomeSlide.php b/app/HomeSlide.php
index 768d14339..f3ea80be5 100644
--- a/app/HomeSlide.php
+++ b/app/HomeSlide.php
@@ -3,6 +3,7 @@
 namespace App;
 use Illuminate\Database\Eloquent\Model;
+use Stevebauman\Purify\Facades\Purify;
 class HomeSlide extends Model
 {
@@ -94,6 +95,18 @@ public function button2TextForLocale(?string $locale = null): ?string
 return $val === null || $val === '' ? null : (string) __($val);
 }
+ /**
+ * Sanitize homepage slide description HTML, allowing only safe links.
+ */
+ public static function sanitizeDescriptionHtml(string $html): string
+ {
+ if ($html === '') {
+ return '';
+ }
+
+ return (string) Purify::config('home_slide')->clean($html);
+ }
+
 public function scopeActive($query)
 {
 return $query->where('active', true);
diff --git a/app/Nova/HomeSlide.php b/app/Nova/HomeSlide.php
index e23ec8a69..4f674054a 100644
--- a/app/Nova/HomeSlide.php
+++ b/app/Nova/HomeSlide.php
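Review bot: In app/HomeSlide.php, `sanitizeDescriptionHtml()` is a static helper that every caller has to remember to invoke, and its docblock does not say that its return value is the only form of `description` meant for unescaped `{!! !!}` output. The Blade change in this commit calls it at the one render site visible here; whether any other view, feed or API prints the description cannot be seen from this patch and should be confirmed. I would extend the docblock with `* Intended for raw Blade output: pass the already-translated string, and never echo the unsanitized description with {!! !!}.` No test accompanies the helper: a unit test asserting that a `<script>` element and a `javascript:` href are removed while an `https` anchor survives would pin the `home_slide` profile against later config edits. The class body continues outside the hunk.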
@@ -243,7 +243,7 @@ public function fields(Request $request): array
 Textarea::make('Description', 'description')
 ->nullable()
- ->help('Lang key (e.g. home.banner4_description) or plain text. Translated via resources/lang per locale.'),
+ ->help('Lang key (e.g. home.banner4_description) or plain text. HTML links allowed, e.g. Check our Careers in Digital page! Translated via resources/lang per locale.'),
 Text::make('Primary button URL', 'url')->rules('required')->hideFromIndex(),
 Text::make('Primary button label', 'button_text')
diff --git a/config/purify.php b/config/purify.php
index a1e61911f..26eea827b 100644
--- a/config/purify.php
+++ b/config/purify.php
@@ -49,6 +49,18 @@
 'AutoFormat.RemoveEmpty' => false,
 ],
+ 'home_slide' => [
+ 'Core.Encoding' => 'utf-8',
+ 'HTML.Doctype' => 'HTML 4.01 Transitional',
+ 'HTML.Allowed' => 'a[href|target|rel]',
+ 'HTML.ForbiddenElements' => '',
+ 'CSS.AllowedProperties' => '',
+ 'AutoFormat.AutoParagraph' => false,
+ 'AutoFormat.RemoveEmpty' => false,
+ 'Attr.AllowedFrameTargets' => ['_blank'],
+ 'URI.AllowedSchemes' => ['http' => true, 'https' => true, 'mailto' => true],
+ ],
+
 ],
 /*
diff --git a/resources/views/static/home.blade.php b/resources/views/static/home.blade.php
index 59db15a21..c5ef99e28 100644
--- a/resources/views/static/home.blade.php
+++ b/resources/views/static/home.blade.php
@@ -93,8 +93,8 @@ class="text-[#1C4DA1] text-[30px] md:text-[60px] leading-9 md:leading-[72px] fon {{ __($activity['title']) }}
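Review bot: In config/purify.php, the new `home_slide` profile admits `target="_blank"` through `Attr.AllowedFrameTargets` but does not itself guarantee that such links are emitted with `rel="noopener noreferrer"`. `rel` is listed in `HTML.Allowed`, yet no `Attr.AllowedRel` is set and HTML Purifier's default for it is an empty list, so editor-supplied `rel` values are likely dropped; the protection then rests on the library's `HTML.TargetNoopener` / `HTML.TargetNoreferrer` defaults, which depend on the installed HTML Purifier version. Stating them in the profile makes the behaviour explicit: `'HTML.TargetNoopener' => true,` and `'HTML.TargetNoreferrer' => true,`, plus `'Attr.AllowedRel' => ['nofollow', 'noopener', 'noreferrer'],` if editors are meant to set `rel` themselves. The enclosing config array starts and ends outside the hunk.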

- {{ strip_tags(__($activity['description'] ?? '')) }}
+ class="text-xl md:text-2xl leading-8 text-[#333E48] p-0 mb-4 max-md:max-w-full max-w-[525px] [&_a]:text-[#1C4DA1] [&_a]:font-semibold [&_a]:underline hover:[&_a]:opacity-80">
+ {!! \App\HomeSlide::sanitizeDescriptionHtml(__($activity['description'] ?? '')) !!}