Skip to content

[HtmlSanitizer] Allow href attributes in links by default #48556

New issue
New issue
Closed
#48602
Closed
[HtmlSanitizer] Allow href attributes in links by default#48556
#48602
Assignees
tgalopin
Labels
BugHtmlSanitizerStatus: Needs Review
@javiereguiluz

Description

@javiereguiluz
javiereguiluz
opened on Dec 8, 2022

Symfony version(s) affected

6.1

Description

Originally reported by @Stoakes in symfony/symfony-docs#17446

@tgalopin suggested that this might be a bug in code instead of a doc issue.

How to reproduce

The following config:

html_sanitizer:
    sanitizers:
        app.sanitizer:
            allow_safe_elements: true
            allow_elements:
                list: '*'
                table: 'class'
                code: '*'
                a: ['href']
            allowed_media_schemes: ['http', 'https', 'mailto']
            allow_relative_medias: false

Results in the removal of all href attributes from all <a> elements. To fix this issue, you must also add the following to the previous config: allowed_link_schemes: ['http', 'https', 'mailto']

The original config should work without having to add the allowed_link_schemes config.

Possible Solution

No response

Additional Context

No response

Metadata

Metadata

Assignees

Labels

BugHtmlSanitizerStatus: Needs Review

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy