Commit 098ff62

minor #44814 [HtmlSanitizer] Some minor changes in the config API (javiereguiluz)
This PR was squashed before being merged into the 6.1 branch.

Discussion
----------

[HtmlSanitizer] Some minor changes in the config API

| Q             | A
| ------------- | ---
| Branch?       | 6.1
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

First of all, thanks to @tgalopin for this superb contribution 🙇

This PR makes 3 little changes:

(1) Fix two minor typos

(2) Rename `allowAllStaticElements()` as `allowStaticElements()` to be consistent with the rest of the methods, which don't include the `All` word.

(3) A proposal to change this default value:

```diff
-public function allowElement(string $element, array|string $allowedAttributes = []): static
+public function allowElement(string $element, array|string $allowedAttributes = '*'): static
```

In my opinion, when you want to allow some element, most of the time you want to allow the standard attributes on them too. So, the following should allow `<div>` and their standard attributes:

```php
->allowElement('div')
```

Forcing to write it as `->allowElement('div', '*')` seems cumbersome. The previous behavior (forbid all attributes) would now be like this:

```php
->allowElement('div', [])
```

Commits
-------

84470ef [HtmlSanitizer] Some minor changes in the config API
2 parents 06f4bd7 + 84470ef commit 098ff62
5 files changed

+5
-5
lines changed

‎src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php

+1 -1 lines changed: 1 addition & 1 deletion
@@ -105,7 +105,7 @@ public function __construct()
105105
* All scripts will be removed but the output may still contain other dangerous
106106
* behaviors like CSS injection (click-jacking), CSS expressions, ...
107107
*/
108-
public function allowAllStaticElements(): static
108+
public function allowStaticElements(): static
109109
{
110110
$elements = array_merge(
111111
array_keys(W3CReference::HEAD_ELEMENTS),
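
Review bot: the rename at line 108 removes the public method `allowAllStaticElements()` outright, with no forwarding method left under the old name, so any caller still using the old name fails with an undefined-method error. If the old name has appeared in a tagged release, keep it as a thin deprecated wrapper that calls `allowStaticElements()`; if the class has only ever existed on the unreleased 6.1 branch this PR targets, say so in the commit message so the break is clearly intentional. The docblock caveat in the context lines (the output "may still contain other dangerous behaviors like CSS injection") is worth keeping prominent, since the shorter name says less about how broad this allowlist is.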

‎src/Symfony/Component/HtmlSanitizer/README.md

+1 -1 lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ $config = (new HtmlSanitizerConfig())
2222
// standard. All scripts will be removed but the output may still contain
2323
// other dangerous behaviors like CSS injection (click-jacking), CSS
2424
// expressions, ...
25-
->allowAllStaticElements()
25+
->allowStaticElements()
2626

2727
// Allow the "div" element and no attribute can be on it
2828
->allowElement('div')
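
Review bot: the context comment at lines 27-28 still documents `->allowElement('div')` as "no attribute can be on it", which contradicts item (3) of the commit message, and none of the five hunks in this commit touches the `allowElement()` signature. Either drop item (3) from the message or, if the default is changed to `'*'` separately, update this comment in the same change. From a sanitizer standpoint the existing empty-array default is the safer one: a call that names only the element should not silently admit every standard attribute, and flipping the default would widen the output of every existing `allowElement('x')` call with no visible change at the call site.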

‎src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php

+1 -1 lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@ private function createSanitizer(): HtmlSanitizer
2121
{
2222
return new HtmlSanitizer(
2323
(new HtmlSanitizerConfig())
24-
->allowAllStaticElements()
24+
->allowStaticElements()
2525
->allowLinkHosts(['trusted.com', 'external.com'])
2626
->allowMediaHosts(['trusted.com', 'external.com'])
2727
->allowRelativeLinks()

‎src/Symfony/Component/HtmlSanitizer/TextSanitizer/StringSanitizer.php

+1 -1 lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ final class StringSanitizer
2626
// "&#34;" is shorter than "&quot;"
2727
'&quot;',
2828

29-
// Fix several potential issues in how browsers intepret attributes values
29+
// Fix several potential issues in how browsers interpret attributes values
3030
'+',
3131
'=',
3232
'@',
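
Review bot: line 29 still reads "attributes values" after the spelling fix; since the comment is being touched anyway, make it "attribute values". It would also help to say in the comment which issue the listed characters (`+`, `=`, `@` in the context lines) guard against, because "several potential issues" gives a later reader nothing to check the list against.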

‎src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php

+1 -1 lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ final class DomVisitor
4747
private array $elementsConfig;
4848

4949
/**
50-
* Registry of attributes to forcefuly set on nodes, index by element and attribute.
50+
* Registry of attributes to forcefully set on nodes, index by element and attribute.
5151
*
5252
* @var array<string, array<string, string>>
5353
*/
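
Review bot: the corrected docblock at line 50 still says "index by element and attribute"; "indexed by element and attribute" is what is meant, and fixing it on the same line avoids another typo-only commit.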
