Commit aea1a47

bug #46849 [HtmlSanitizer] Allow null for sanitizer option allowed_link_hosts and allowed_media_hosts (plfort)
This PR was squashed before being merged into the 6.1 branch.

Discussion
----------

[HtmlSanitizer] Allow null for sanitizer option `allowed_link_hosts` and `allowed_media_hosts`

| Q             | A
| ------------- | ---
| Branch?       | 6.1
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #46647
| License       | MIT
| Doc PR        |

I set `allowed_link_hosts` and `allowed_media_hosts` default value to `null` instead of an empty array, this introduces a breaking change.
We can keep the current behavior by setting `defaultValue([])` in `Configuration.php` but I don't know how to set the default value to an empty array **and set it to `null` manually in XML configuration**. Need your help 😅

Commits
-------

d3780c5 [HtmlSanitizer] Allow null for sanitizer option `allowed_link_hosts` and `allowed_media_hosts`
2 parents cf9aff6 + d3780c5 commit aea1a47

5 files changed: +49 -4 lines changed
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

Lines changed: 12 additions & 4 deletions
@@ -2223,9 +2223,13 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
22232223
->info('Allows only a given list of schemes to be used in links href attributes.')
22242224
->scalarPrototype()->end()
22252225
->end()
2226-
->arrayNode('allowed_link_hosts')
2226+
->variableNode('allowed_link_hosts')
22272227
->info('Allows only a given list of hosts to be used in links href attributes.')
2228-
->scalarPrototype()->end()
2228+
->defaultValue(null)
2229+
->validate()
2230+
->ifTrue(function ($v) { return !\is_array($v) && null !== $v; })
2231+
->thenInvalid('The "allowed_link_hosts" parameter must be an array or null')
2232+
->end()
22292233
->end()
22302234
->booleanNode('allow_relative_links')
22312235
->info('Allows relative URLs to be used in links href attributes.')
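Review bot: the `validate()` closure on `allowed_link_hosts` only tests `!\is_array($v) && null !== $v`, so with `->scalarPrototype()->end()` removed any array now passes, including nested arrays or non-string entries. Consider extending the closure to reject arrays whose entries are not strings, so a malformed host list fails when the configuration is processed rather than being handed on as is.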
@@ -2235,9 +2239,13 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
22352239
->info('Allows only a given list of schemes to be used in media source attributes (img, audio, video, ...).')
22362240
->scalarPrototype()->end()
22372241
->end()
2238-
->arrayNode('allowed_media_hosts')
2242+
->variableNode('allowed_media_hosts')
22392243
->info('Allows only a given list of hosts to be used in media source attributes (img, audio, video, ...).')
2240-
->scalarPrototype()->end()
2244+
->defaultValue(null)
2245+
->validate()
2246+
->ifTrue(function ($v) { return !\is_array($v) && null !== $v; })
2247+
->thenInvalid('The "allowed_media_hosts" parameter must be an array or null')
2248+
->end()
22412249
->end()
22422250
->booleanNode('allow_relative_medias')
22432251
->info('Allows relative URLs to be used in media source attributes (img, audio, video, ...).')
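Review bot: the `->info()` text on `allowed_media_hosts` (and on `allowed_link_hosts` in the previous hunk) still reads "Allows only a given list of hosts ..." and says nothing about what the new `null` default means or how it differs from an empty array. The commit message itself calls the default change a breaking one, so the info string should state the meaning of `null` versus `[]`. The `validate()` block here is also a copy of the one above apart from the option name and could be built by one shared helper.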
@@ -0,0 +1,10 @@
1+
<?php
2+
3+
$container->loadFromExtension('framework', [
4+
'http_method_override' => false,
5+
'html_sanitizer' => [
6+
'sanitizers' => [
7+
'custom_default' => null,
8+
],
9+
],
10+
]);
@@ -0,0 +1,13 @@
1+
<?xml version="1.0" ?>
2+
3+
<container xmlns="http://symfony.com/schema/dic/services"
4+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5+
xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
6+
http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
7+
8+
<config xmlns="http://symfony.com/schema/dic/symfony" http-method-override="false">
9+
<html-sanitizer>
10+
<sanitizer name="custom_default"/>
11+
</html-sanitizer>
12+
</config>
13+
</container>
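Review bot: `<sanitizer name="custom_default"/>` only covers the case where both host options are omitted. The commit message leaves open how `null` can be set explicitly in XML, and none of the fixtures in this commit shows an XML configuration with explicit host entries still loading now that the node is a `variableNode`. An XML fixture with a host list would pin that behaviour down.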
@@ -0,0 +1,5 @@
1+
framework:
2+
http_method_override: false
3+
html_sanitizer:
4+
sanitizers:
5+
custom_default: ~

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php

Lines changed: 9 additions & 0 deletions
@@ -2111,6 +2111,15 @@ static function ($call) {
21112111
$this->assertFalse($container->hasAlias(HtmlSanitizerInterface::class.' $default'));
21122112
}
21132113

2114+
public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()
2115+
{
2116+
$container = $this->createContainerFromFile('html_sanitizer_default_allowed_link_and_media_hosts');
2117+
2118+
$calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();
2119+
$this->assertContains(['allowLinkHosts', [null], true], $calls);
2120+
$this->assertContains(['allowMediaHosts', [null], true], $calls);
2121+
}
2122+
21142123
public function testHtmlSanitizerDefaultConfig()
21152124
{
21162125
$container = $this->createContainerFromFile('html_sanitizer_default_config');
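Review bot: `testHtmlSanitizerDefaultNullAllowedLinkMediaHost` asserts only the default path, `[null]` for both `allowLinkHosts` and `allowMediaHosts`. The new `thenInvalid(...)` branch in `Configuration.php` has no test: add a case that passes a scalar for `allowed_link_hosts` and expects the "must be an array or null" message, and one that passes an explicit array and checks that it reaches `allowLinkHosts` unchanged.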
