diff --git a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerCustomTest.php b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerCustomTest.php index f44c62414f4f..edf2faf517ba 100644 --- a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerCustomTest.php +++ b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerCustomTest.php @@ -232,10 +232,17 @@ public function testForceAttribute() { $config = (new HtmlSanitizerConfig()) ->allowElement('div') + ->allowElement('img', '*') ->allowElement('a', ['href']) ->forceAttribute('a', 'rel', 'noopener noreferrer') + ->forceAttribute('img', 'loading', 'lazy') ; + $this->assertSame( + '', + $this->sanitize($config, '') + ); + $this->assertSame( 'Hello world', $this->sanitize($config, 'Hello world') @@ -250,6 +257,11 @@ public function testForceAttribute() '
Hello
world', $this->sanitize($config, '
Hello
world') ); + + $this->assertSame( + 'Hello world', + $this->sanitize($config, 'Hello world') + ); } public function testForceHttps() diff --git a/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php b/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php index 8cda8cf2a8bd..c28db52e1fac 100644 --- a/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php +++ b/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php @@ -120,7 +120,7 @@ private function enterNode(string $domNodeName, \DOMNode $domNode, Cursor $curso // Force configured attributes foreach ($this->forcedAttributes[$domNodeName] ?? [] as $attribute => $value) { - $node->setAttribute($attribute, $value); + $node->setAttribute($attribute, $value, true); } $cursor->node->addChild($node); diff --git a/src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php b/src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php index 46a6b17a443d..002b8e808dac 100644 --- a/src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php +++ b/src/Symfony/Component/HtmlSanitizer/Visitor/Node/Node.php @@ -58,10 +58,10 @@ public function getAttribute(string $name): ?string return $this->attributes[$name] ?? null; } - public function setAttribute(string $name, ?string $value): void + public function setAttribute(string $name, ?string $value, bool $override = false): void { // Always use only the first declaration (ease sanitization) - if (!\array_key_exists($name, $this->attributes)) { + if ($override || !\array_key_exists($name, $this->attributes)) { $this->attributes[$name] = $value; } } pFad - Phonifier reborn
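Review bot: The assertions added to testForceAttribute appear to exercise the override only through `img` / `loading`, so the security-relevant forced attribute is never tested against a competing input value. With `->allowElement('a', ['href'])` an input `rel` is already dropped by the allow-list before `->forceAttribute('a', 'rel', 'noopener noreferrer')` runs. The markup inside the string literals is not visible in this view, so this is inferred from the config lines alone. Consider one more case whose config allows the attribute it also forces, e.g. `->allowElement('a', ['href', 'rel'])`, with an input link that carries its own `rel`, asserting that only `rel="noopener noreferrer"` is rendered.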
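Review bot: The bare `true` in `$node->setAttribute($attribute, $value, true);` does not say why this call differs from the other setAttribute() calls, and the existing `// Force configured attributes` comment does not state the guarantee being restored. Before this change a value copied from the input was presumably kept whenever the element's allow-list admitted that attribute, so a forced value such as `rel` could be displaced; the allow-list code is outside this hunk, so that is inferred. I would extend the comment to `// Force configured attributes: these must replace any value taken from the input, even when the element allows the attribute` and pass the flag by name, `$node->setAttribute($attribute, $value, override: true);`. enterNode() starts and ends outside the hunk.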
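Review bot: The comment `// Always use only the first declaration (ease sanitization)` is no longer accurate once `$override` is true, and the new parameter is undocumented. Suggest `// Keep the first declaration unless the caller overrides it (forced attributes must win over input values)`, plus a short docblock saying `$override` is meant for configuration-supplied values only and never for values read from the document. Note also that `\array_key_exists($name, $this->attributes)` compares keys byte-for-byte. A forced attribute whose configured name differs in case from the parsed name would therefore be appended as a second attribute instead of replacing the first. Whether names are normalised before reaching this method is not visible here and is worth confirming.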
