Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

[HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data #58547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: 6.4
Choose a base branch
Loading
from

Conversation

tgalopin
Copy link
Contributor

Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #58065
License MIT

Fix the override of an existing attribute value.

Copy link
Member

@chalasr chalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding an optional argument is for 7.x

@tgalopin
Copy link
Contributor Author

Indeed thanks for the catch!

If that's good for you I'll handle it using func_get_args to fix the issue on 6.4 (it's a real bug, I think it's worth it)

@stof
Copy link
Member

stof commented Oct 23, 2024

Node is a final class, so it can add the argument directly (as there is no issue regarding keeping BC for child classes overriding the method)

@AppyGG
Copy link

AppyGG commented Nov 6, 2024

Hi, to help on this issue, is there something to change to allow merge for 6.4 ?

@AppyGG
Copy link

AppyGG commented Feb 13, 2025

Hello, small up on this PR, i really think this needs to be fix to improve sanitized content security

I'm uncertain if the Node.php class needs modification or if the changes proposed by @tgalopin are good regarding the BC policy ?

@OskarStark OskarStark changed the title [HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data [HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data Feb 13, 2025
@OskarStark OskarStark requested a review from chalasr February 13, 2025 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants
Morty Proxy This is a proxified and sanitized view of the page, visit original site.