Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit c0dbb90

Browse filesBrowse files
nicolas-grekasnicolas-grekas
committed
bug #46274 [HtmlSanitizer] Fix node renderer handling of self-closing (void) elements (omniError)
This PR was merged into the 6.1 branch. Discussion ---------- [HtmlSanitizer] Fix node renderer handling of self-closing (void) elements | Q | A | ------------- | --- | Branch? | 6.1 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #46258 | License | MIT | Doc PR | n/a When sanitizing an HTML string, the node renderer previously interpreted all empty (no children) nodes as being self-closing or void tags. This would result in invalid HTML being rendered in the result. This patch adds the list of valid void HTML5 elements and checks when a no-children node is encountered to see if the tag that is generated should be rendered as self-closing or not. Commits ------- 29c3e56 [HtmlSanitizer] Fix node renderer handling of self-closing (void) elements
2 parents fd64f5a + 29c3e56 commit c0dbb90
Copy full SHA for c0dbb90

File tree

2 files changed

+32
-3
lines changed
Filter options

2 files changed

+32
-3
lines changed

‎src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
+12-2Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -237,16 +237,21 @@ public function provideSanitizeBody()
237237
],
238238
[
239239
'<BODY BACKGROUND="javascript:alert(\'XSS\')">',
240-
'<body />',
240+
'<body></body>',
241241
],
242242
[
243243
'<BGSOUND SRC="javascript:alert(\'XSS\');">',
244-
'<bgsound />',
244+
'<bgsound></bgsound>',
245245
],
246246
[
247247
'<BR SIZE="&{alert(\'XSS\')}">',
248248
'<br size="&amp;{alert(&#039;XSS&#039;)}" />',
249249
],
250+
[
251+
'<BR></br>',
252+
'<br /><br />',
253+
],
254+
250255
[
251256
'<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>',
252257
'',
@@ -445,6 +450,11 @@ public function provideSanitizeBody()
445450
'<i>Lorem ipsum</i>',
446451
'<i>Lorem ipsum</i>',
447452
],
453+
[
454+
'<i></i>',
455+
'<i></i>',
456+
],
457+
448458
[
449459
'<li>Lorem ipsum</li>',
450460
'<li>Lorem ipsum</li>',

‎src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php
+20-1Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,25 @@
2020
*/
2121
final class Node implements NodeInterface
2222
{
23+
// HTML5 elements which are self-closing
24+
private const VOID_ELEMENTS = [
25+
'area' => true,
26+
'base' => true,
27+
'br' => true,
28+
'col' => true,
29+
'embed' => true,
30+
'hr' => true,
31+
'img' => true,
32+
'input' => true,
33+
'keygen' => true,
34+
'link' => true,
35+
'meta' => true,
36+
'param' => true,
37+
'source' => true,
38+
'track' => true,
39+
'wbr' => true,
40+
];
41+
2342
private NodeInterface $parent;
2443
private string $tagName;
2544
private array $attributes = [];
@@ -56,7 +75,7 @@ public function addChild(NodeInterface $node): void
5675

5776
public function render(): string
5877
{
59-
if (!$this->children) {
78+
if (isset(self::VOID_ELEMENTS[$this->tagName])) {
6079
return '<'.$this->tagName.$this->renderAttributes().' />';
6180
}
6281

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.