Skip to content

[FrameworkBundle] Allow default action in configuration #57653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: 7.4
Choose a base branch
from
Open

[FrameworkBundle] Allow default action in configuration #57653

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
71bc5d6
feat(HtmlSanitizer::Config): allow default action from semantic confi…
Neirda24 Jul 4, 2024
8b9f9f4
[UPDATE] Check for version installed of sanitizer
Neirda24 Jul 4, 2024
29f9749
[FIX] Key might be missing
Neirda24 Jul 4, 2024
d63e583
[UPDATE] Add some tests for default_action
Neirda24 Jul 5, 2024
4744fe2
[UPDATE] Remove duplicate code test
Neirda24 Jul 5, 2024
6a05b1b
[UPDATE] Fix xml config
Neirda24 Jul 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
feat(HtmlSanitizer::Config): allow default action from semantic confi… 
…guration
  • Loading branch information
@Neirda24
Neirda24 committed Jul 4, 2024
commit 71bc5d6fd6f24495a9a5723d8152e7a561e3d013
5 changes: 5 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Exception\LogicException;
use Symfony\Component\Form\Form;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerAction;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
use Symfony\Component\HttpClient\HttpClient;
use Symfony\Component\HttpFoundation\Cookie;
Expand Down Expand Up @@ -2382,6 +2383,10 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
->fixXmlConfig('with_attribute_sanitizer')
->fixXmlConfig('without_attribute_sanitizer')
->children()
->enumNode('default_action')
->info('Defines how the sanitizer must behave by default.')
->values(array_map(static fn (HtmlSanitizerAction $action): string => $action->value, HtmlSanitizerAction::cases()))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
->values(array_map(static fn (HtmlSanitizerAction $action): string => $action->value, HtmlSanitizerAction::cases()))
->values(array_column(HtmlSanitizerAction::cases(), 'value'))

Copy link
Member

@nicolas-grekas nicolas-grekas Jul 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but this won't work if the component is not installed, isn't it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes good point. Just came here to say #57686 might allow this to be cleaner, but indeed if the enum class is missing what do we do?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok so now that #57686 is merged, I would say this could probably be changed to:

->enumNode('default_action')->enumFqcn(HtmlSanitizerAction::class)->end()

The question of what to do when !class_exists(HtmlSanitizerAction::class).. I would say make the enum node conditional, and only declare it if the class exists, so that if html-sanitizer is outdated and you try to configure a default_action the config will error with an unknown option default_action. For better DX we could also if the enum class is not there define it as a dummy null value but throw with a message about html-sanitizer bieng outdated if any value is passed in.

->end()
->booleanNode('allow_safe_elements')
->info('Allows "safe" elements and attributes.')
->defaultFalse()
Expand Down
5 changes: 5 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@
use Symfony\Component\Form\FormTypeGuesserInterface;
use Symfony\Component\Form\FormTypeInterface;
use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerAction;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
use Symfony\Component\HttpClient\Messenger\PingWebhookMessageHandler;
Expand Down Expand Up @@ -3006,6 +3007,10 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
$def = $container->register($configId, HtmlSanitizerConfig::class);

// Base
if ($sanitizerConfig['default_action']) {
$def->addMethodCall('defaultAction', [HtmlSanitizerAction::from($sanitizerConfig['default_action'])], true);
}

if ($sanitizerConfig['allow_safe_elements']) {
$def->addMethodCall('allowSafeElements', [], true);
}
Expand Down
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy