Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[HtmlSanitizer] Fix node renderer handling of self-closing (void) elements #46274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 6, 2022
Merged

[HtmlSanitizer] Fix node renderer handling of self-closing (void) elements #46274

merged 1 commit into from
May 6, 2022

Conversation

omniError
Copy link
Contributor

Q A
Branch? 6.1
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #46258
License MIT
Doc PR n/a

When sanitizing an HTML string, the node renderer previously interpreted all empty (no children) nodes as being self-closing or void tags. This would result in invalid HTML being rendered in the result. This patch adds the list of valid void HTML5 elements and checks when a no-children node is encountered to see if the tag that is generated should be rendered as self-closing or not.

@carsonbot carsonbot added this to the 6.1 milestone May 5, 2022
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 6.1 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

nicolas-grekas
nicolas-grekas reviewed May 5, 2022
View reviewed changes
src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php Outdated Show resolved Hide resolved
nicolas-grekas
nicolas-grekas approved these changes May 6, 2022
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I updated the PR a bit)

@nicolas-grekas
Copy link
Member

Thank you @omniError.

@nicolas-grekas nicolas-grekas merged commit c0dbb90 into symfony:6.1 May 6, 2022
@omniError omniError deleted the patch-1 branch May 6, 2022 16:13
@fabpot fabpot mentioned this pull request May 14, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@stof stof stof approved these changes

Assignees
No one assigned
Labels
Bug HtmlSanitizer Status: Reviewed
Projects
None yet
Milestone
6.1
Development

Successfully merging this pull request may close these issues.

[HtmlSanitizer] Node renderer does not account for HTML5 void elements
4 participants
@omniError @carsonbot @nicolas-grekas @stof
Morty Proxy This is a proxified and sanitized view of the page, visit original site.