diff --git a/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md b/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md
index 003f90de7ee87..c5d32f929a689 100644
--- a/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md
+++ b/src/Symfony/Component/HtmlSanitizer/CHANGELOG.md
@@ -1,6 +1,11 @@
CHANGELOG
=========
+6.4
+---
+
+ * Add support for sanitizing unlimited length of HTML document
+
6.1
---
diff --git a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizer.php b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizer.php
index fb668921a8643..ccc6f69379c3f 100644
--- a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizer.php
+++ b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizer.php
@@ -60,7 +60,7 @@ private function sanitizeWithContext(string $context, string $input): string
$this->domVisitors[$context] ??= $this->createDomVisitorForContext($context);
// Prevent DOS attack induced by extremely long HTML strings
- if (\strlen($input) > $this->config->getMaxInputLength()) {
+ if (-1 !== $this->config->getMaxInputLength() && \strlen($input) > $this->config->getMaxInputLength()) {
$input = substr($input, 0, $this->config->getMaxInputLength());
}
diff --git a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php
index aba306748b7cf..f46ffff61b192 100644
--- a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php
+++ b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php
@@ -405,8 +405,16 @@ public function withoutAttributeSanitizer(AttributeSanitizerInterface $sanitizer
return $clone;
}
+ /**
+ * @param int $maxInputLength The maximum length of the input string in bytes
+ * -1 means no limit
+ */
public function withMaxInputLength(int $maxInputLength): static
{
+ if ($maxInputLength < -1) {
+ throw new \InvalidArgumentException(sprintf('The maximum input length must be greater than -1, "%d" given.', $maxInputLength));
+ }
+
$clone = clone $this;
$clone->maxInputLength = $maxInputLength;
diff --git a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
index bdb47d7f34f1c..dfc44e8ba1bba 100644
--- a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
+++ b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
@@ -561,4 +561,15 @@ public static function provideSanitizeBody()
yield $case[0] => $case;
}
}
+
+ public function testUnlimitedLength()
+ {
+ $sanitizer = new HtmlSanitizer((new HtmlSanitizerConfig())->withMaxInputLength(-1));
+
+ $input = str_repeat('a', 10_000_000);
+
+ $sanitized = $sanitizer->sanitize($input);
+
+ $this->assertSame(\strlen($input), \strlen($sanitized));
+ }
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy