[HtmlSanitizer] Add functions to handle operations on multiple attrib…

…utes or elements at the same time
symfony · EdouardCourty · Dec 6, 2023 · Dec 7, 2023 · Dec 6, 2023 · 6160dcfe90d2d1bfca98d8de4f846bcbe2df0097
commit 6160dcfe90d2d1bfca98d8de4f846bcbe2df0097
diff --git a/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md b/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========

+7.1
+---
+
+ * Add functions to allow operations on arrays of attributes and elements at a time
+
 6.4
 ---


diff --git a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php
@@ -274,6 +274,29 @@ public function allowElement(string $element, array|string $allowedAttributes =
        return $clone;
    }

+    /**
+     * Configures the given elements as allowed.
+     *
+     * Allowed elements are elements the sanitizer should retain from the input.
+     *
+     * A list of allowed attributes for this element can be passed as a second argument.
+     * Passing "*" will allow all standard attributes on this element. By default, no
+     * attributes are allowed on the element.
+     *
+     * @param list<string>        $elements
+     * @param list<string>|string $allowedAttributes
+     */
+    public function allowElements(array $elements, array|string $allowedAttributes = []): static
+    {
+        $clone = clone $this;
+
+        foreach ($elements as $element) {
+            $clone = $clone->allowElement($element, $allowedAttributes);
+        }
+
+        return $clone;
+    }
+
    /**
     * Configures the given element as blocked.
     *
@@ -292,6 +315,23 @@ public function blockElement(string $element): static
        return $clone;
    }

+    /**
+     * Configures the given elements as blocked.
+     *
+     * Blocked elements are elements the sanitizer should remove from the input, but retain
+     * their children.
+     */
+    public function blockElements(array $elements): static
+    {
+        $clone = clone $this;
+
+        foreach ($elements as $element) {
+            $clone = $clone->blockElement($element);
+        }
+
+        return $clone;
+    }
+
    /**
     * Configures the given element as dropped.
     *
@@ -310,6 +350,29 @@ public function dropElement(string $element): static
        return $clone;
    }

+    /**
+     * Configures the given elements as dropped.
+     *
+     * Dropped elements are elements the sanitizer should remove from the input, including
+     * their children.
+     *
+     * Note: when using an empty configuration, all unknown elements are dropped
+     * automatically. This method let you drop elements that were allowed earlier
+     * in the configuration.
+     *
+     * @param list<string> $elements
+     */
+    public function dropElements(array $elements): static
+    {
+        $clone = clone $this;
+
+        foreach ($elements as $element) {
+            $clone = $clone->dropElement($element);
+        }
+
+        return $clone;
+    }
+
    /**
     * Configures the given attribute as allowed.
     *
@@ -339,6 +402,30 @@ public function allowAttribute(string $attribute, array|string $allowedElements)
        return $clone;
    }

+    /**
+     * Configures the given attributes as allowed.
+     *
+     * Allowed attributes are attributes the sanitizer should retain from the input.
+     *
+     * A list of allowed elements for these attributes can be passed as a second argument.
+     * Passing "*" will allow all currently allowed elements to use this attribute.
+     *
+     * To configure each attribute for a specific element, please use the allowAttribute method instead.
+     *
+     * @param list<string>        $attributes
+     * @param list<string>|string $allowedElements
+     */
+    public function allowAttributes(array $attributes, array|string $allowedElements): static
+    {
+        $clone = clone $this;
+
+        foreach ($attributes as $attribute) {
+            $clone = $clone->allowAttribute($attribute, $allowedElements);
+        }
+
+        return $clone;
+    }
+
    /**
     * Configures the given attribute as dropped.
     *
@@ -367,6 +454,32 @@ public function dropAttribute(string $attribute, array|string $droppedElements):
        return $clone;
    }

+    /**
+     * Configures the given attributes as dropped.
+     *
+     * Dropped attributes are attributes the sanitizer should remove from the input.
+     *
+     * A list of elements on which to drop these attributes can be passed as a second argument.
+     * Passing "*" will drop this attribute from all currently allowed elements.
+     *
+     * Note: when using an empty configuration, all unknown attributes are dropped
+     * automatically. This method let you drop attributes that were allowed earlier
+     * in the configuration.
+     *
+     * @param list<string>        $attributes
+     * @param list<string>|string $droppedElements
+     */
+    public function dropAttributes(array $attributes, array|string $droppedElements): static
+    {
+        $clone = clone $this;
+
+        foreach ($attributes as $attribute) {
+            $clone = $clone->dropAttribute($attribute, $droppedElements);
+        }
+
+        return $clone;
+    }
+
    /**
     * Forcefully set the value of a given attribute on a given element.
     *