1<?php 2/** 3 * DokuWiki Plugin diagrams (Renderer Component) 4 * 5 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 6 * @author Innovakom + CosmoCode <dokuwiki@cosmocode.de> 7 */ 8class renderer_plugin_diagrams extends Doku_Renderer 9{ 10 11 /** @inheritDoc */ 12 public function getFormat() 13 { 14 return 'diagrams'; 15 } 16 17 /** 18 * Set proper headers 19 */ 20 public function document_start() 21 { 22 global $ID; 23 $headers = [ 24 'Content-Type' => 'image/svg+xml', 25 'Content-Security-Policy' => $this->getCSP(), 26 ]; 27 p_set_metadata($ID, ['format' => ['diagrams' => $headers]]); 28 // don't cache 29 $this->nocache(); 30 } 31 32 /** 33 * Create the content security policy 34 * @return string 35 */ 36 protected function getCSP() { 37 $policy = [ 38 'default-src' => "'none'", 39 'style-src' => "'unsafe-inline'", 40 'media-src' => "'self'", 41 'object-src' => "'self'", 42 'font-src' => "'self' data:", 43 'form-action' => "'none'", 44 'frame-ancestors' => "'self'", 45 'img-src' => "self data:", 46 'sandbox' => "allow-popups allow-top-navigation allow-same-origin", 47 ]; 48 49 /** @noinspection DuplicatedCode from dokuwiki\HTTP\Headers::contentSecurityPolicy() */ 50 foreach ($policy as $key => $values) { 51 // if the value is not an array, we also accept newline terminated strings 52 if (!is_array($values)) $values = explode("\n", $values); 53 $values = array_map('trim', $values); 54 $values = array_unique($values); 55 $values = array_filter($values); 56 $policy[$key] = $values; 57 } 58 59 $cspheader = ''; 60 foreach ($policy as $key => $values) { 61 if ($values) { 62 $cspheader .= " $key " . join(' ', $values) . ';'; 63 } else { 64 $cspheader .= " $key;"; 65 } 66 } 67 68 return $cspheader; 69 } 70} 71 72