minor #44814 [HtmlSanitizer] Some minor changes in the config API (ja… · symfony/symfony@098ff62 · GitHub

Commit 098ff62

minor #44814 [HtmlSanitizer] Some minor changes in the config API (javiereguiluz)
This PR was squashed before being merged into the 6.1 branch.

Discussion
----------

[HtmlSanitizer] Some minor changes in the config API

| Q             | A
| ------------- | ---
| Branch?       | 6.1
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

First of all, thanks to @tgalopin for this superb contribution 🙇

This PR makes 3 little changes:

(1) Fix two minor typos

(2) Rename `allowAllStaticElements()` as `allowStaticElements()` to be consistent with the rest of methods, which don't include the `All` word.

(3) A proposal to change this default value:

```diff
-public function allowElement(string $element, array|string $allowedAttributes = []): static
+public function allowElement(string $element, array|string $allowedAttributes = '*'): static
```

In my opinion, when you want to allow some element, most of the times you want to allow the standard attributes on them too. So, the following should allow `<div>` and their standard attributes:

```php
->allowElement('div')
```

Forcing to write it as `->allowElement('div', '*')` seems cumbersome. The previous behavior (forbid all attributes) would now be like this:

```php
->allowElement('div', [])
```

Commits
-------

84470ef [HtmlSanitizer] Some minor changes in the config API
2 parents 06f4bd7 + 84470ef commit 098ff62

5 files changed: +5 -5 lines changed

src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php

Lines changed: 1 addition & 1 deletion
@@ -105,7 +105,7 @@ public function __construct()
105105
* All scripts will be removed but the output may still contain other dangerous
106106
* behaviors like CSS injection (click-jacking), CSS expressions, ...
107107
*/
108-
public function allowAllStaticElements(): static
108+
public function allowStaticElements(): static
109109
{
110110
$elements = array_merge(
111111
array_keys(W3CReference::HEAD_ELEMENTS),
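
Review bot: the rename at line 108 drops the public method allowAllStaticElements() and leaves nothing behind under the old name, while the commit message states "Deprecations? no". If the old name has appeared in any release, keep it as a deprecated method that forwards to allowStaticElements(); if the component has not shipped yet, say so in the commit message so the missing deprecation is clearly intentional. The docblock warning above the method (output may still contain CSS injection and CSS expressions) should stay attached to the new name as it is here, since the shorter name reads as less permissive than the behaviour.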

src/Symfony/Component/HtmlSanitizer/README.md

Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ $config = (new HtmlSanitizerConfig())
2222
// standard. All scripts will be removed but the output may still contain
2323
// other dangerous behaviors like CSS injection (click-jacking), CSS
2424
// expressions, ...
25-
->allowAllStaticElements()
25+
->allowStaticElements()
2626

2727
// Allow the "div" element and no attribute can be on it
2828
->allowElement('div')
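
Review bot: the unchanged context at lines 27-28 still documents `->allowElement('div')` as "no attribute can be on it", which conflicts with item (3) of the commit message proposing `'*'` as the default for `$allowedAttributes`. None of the hunks shown for this commit touches the allowElement() signature, so either drop item (3) from the message or, if the default does change, update this README comment in the same commit and show the explicit deny form `->allowElement('div', [])`. Moving the default from an empty list to `'*'` turns an existing deny-by-default call into one that accepts attributes without any change at the call site, so it should land with a changelog entry and a test that pins the chosen default.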

src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php

Lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@ private function createSanitizer(): HtmlSanitizer
2121
{
2222
return new HtmlSanitizer(
2323
(new HtmlSanitizerConfig())
24-
->allowAllStaticElements()
24+
->allowStaticElements()
2525
->allowLinkHosts(['trusted.com', 'external.com'])
2626
->allowMediaHosts(['trusted.com', 'external.com'])
2727
->allowRelativeLinks()

src/Symfony/Component/HtmlSanitizer/TextSanitizer/StringSanitizer.php

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ final class StringSanitizer
2626
// "&#34;" is shorter than "&quot;"
2727
'&quot;',
2828

29-
// Fix several potential issues in how browsers intepret attributes values
29+
// Fix several potential issues in how browsers interpret attributes values
3030
'+',
3131
'=',
3232
'@',
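
Review bot: the corrected comment at line 29 still reads "attributes values"; it should be "attribute values". Since this line is already being touched for the "interpret" typo, fix both in one pass: `// Fix several potential issues in how browsers interpret attribute values`.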

src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ final class DomVisitor
4747
private array $elementsConfig;
4848

4949
/**
50-
* Registry of attributes to forcefuly set on nodes, index by element and attribute.
50+
* Registry of attributes to forcefully set on nodes, index by element and attribute.
5151
*
5252
* @var array<string, array<string, string>>
5353
*/
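
Review bot: the docblock at line 50 fixes "forcefuly" but keeps "index by element and attribute", which should be "indexed by element and attribute". It would also help to state the nesting order so it matches the `array<string, array<string, string>>` type below, for example "indexed by element name, then by attribute name".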
