[HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data #58547


Open: wants to merge 1 commit into base: 6.4

tgalopin (Contributor)

| Q | A |
| --- | --- |
| Branch? | 6.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Issues | Fix #58065 |
| License | MIT |

Fix the override of an existing attribute value.

@chalasr (Member) left a comment

Adding an optional argument is for 7.x

@tgalopin (Contributor, Author)

Indeed, thanks for the catch!

If that's good for you I'll handle it using func_get_args to fix the issue on 6.4 (it's a real bug, I think it's worth it)

@stof (Member) commented Oct 23, 2024

Node is a final class, so it can add the argument directly (as there is no issue regarding keeping BC for child classes overriding the method)

@AppyGG commented Nov 6, 2024

Hi, to help on this issue, is there something to change to allow merge for 6.4?

@AppyGG commented Feb 13, 2025

Hello, small up on this PR, I really think this needs to be fixed to improve sanitized content security.

I'm uncertain if the Node.php class needs modification or if the changes proposed by @tgalopin are good regarding the BC policy?

@OskarStark changed the title [HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data [HtmlSanitizer] Fix force_attributes not replacing existing attribute in initial data Feb 13, 2025

@OskarStark requested a review from chalasr February 13, 2025 13:17
5 participants