Commit af72d96

Browse files
committed
Finished XML config implementation
1 parent e0a9339 commit af72d96

10 files changed

+238
-155
lines changed


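--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -2123,9 +2123,20 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->info('Default sanitizer to use when injecting without named binding.')
 ->end()
 ->arrayNode('sanitizers')
-->normalizeKeys(false)
 ->useAttributeAsKey('name')
 ->arrayPrototype()
+->fixXmlConfig('allow_element')
+->fixXmlConfig('block_element')
+->fixXmlConfig('drop_element')
+->fixXmlConfig('allow_attribute')
+->fixXmlConfig('drop_attribute')
+->fixXmlConfig('force_attribute')
+->fixXmlConfig('allowed_link_scheme')
+->fixXmlConfig('allowed_link_host')
+->fixXmlConfig('allowed_media_scheme')
+->fixXmlConfig('allowed_media_host')
+->fixXmlConfig('with_attribute_sanitizer')
+->fixXmlConfig('without_attribute_sanitizer')
 ->children()
 ->booleanNode('allow_safe_elements')
 ->info('Allows "safe" elements and attributes.')
@@ -2136,39 +2147,58 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->defaultFalse()
 ->end()
 ->arrayNode('allow_elements')
-->info('Configures elements as allowed. Allowed elements are elements the sanitizer should retain from the input.')
-->fixXmlConfig('allow-element')
+->info('Configures the elements that the sanitizer should retain from the input. The element name is the key, the value is either a list of allowed attributes for this element or "*" to allow the default set of attributes (https://wicg.github.io/sanitizer-api/#default-configuration).')
+->example(['i' => '*', 'a' => ['title'], 'span' => 'class'])
 ->normalizeKeys(false)
 ->useAttributeAsKey('name')
-->variablePrototype()->end()
+->variablePrototype()
+->beforeNormalization()
+->ifArray()->then(fn ($n) => isset($n['attribute']) ? $n['attribute'] : $n)
+->end()
+->validate()
+->ifTrue(fn ($n): bool => !is_string($n) && !is_array($n))
+->thenInvalid('The value must be either a string or an array of strings.')
+->end()
+->end()
 ->end()
 ->arrayNode('block_elements')
 ->info('Configures elements as blocked. Blocked elements are elements the sanitizer should remove from the input, but retain their children.')
-->fixXmlConfig('block-element')
+->beforeNormalization()
+->ifString()
+->then(fn (string $n): array => (array) $n)
+->end()
 ->scalarPrototype()->end()
 ->end()
 ->arrayNode('drop_elements')
 ->info('Configures elements as dropped. Dropped elements are elements the sanitizer should remove from the input, including their children.')
-->fixXmlConfig('drop-element')
+->beforeNormalization()
+->ifString()
+->then(fn (string $n): array => (array) $n)
+->end()
 ->scalarPrototype()->end()
 ->end()
 ->arrayNode('allow_attributes')
 ->info('Configures attributes as allowed. Allowed attributes are attributes the sanitizer should retain from the input.')
-->fixXmlConfig('allow-attribute')
 ->normalizeKeys(false)
 ->useAttributeAsKey('name')
-->variablePrototype()->end()
+->variablePrototype()
+->beforeNormalization()
+->ifArray()->then(fn ($n) => isset($n['element']) ? $n['element'] : $n)
+->end()
+->end()
 ->end()
 ->arrayNode('drop_attributes')
 ->info('Configures attributes as dropped. Dropped attributes are attributes the sanitizer should remove from the input.')
-->fixXmlConfig('drop-attribute')
 ->normalizeKeys(false)
 ->useAttributeAsKey('name')
-->variablePrototype()->end()
+->variablePrototype()
+->beforeNormalization()
+->ifArray()->then(fn ($n) => isset($n['element']) ? $n['element'] : $n)
+->end()
+->end()
 ->end()
 ->arrayNode('force_attributes')
 ->info('Forcefully set the values of certain attributes on certain elements.')
-->fixXmlConfig('force-attribute')
 ->normalizeKeys(false)
 ->useAttributeAsKey('name')
 ->arrayPrototype()
@@ -2183,12 +2213,10 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->end()
 ->arrayNode('allowed_link_schemes')
 ->info('Allows only a given list of schemes to be used in links href attributes.')
-->fixXmlConfig('allow-link-scheme')
 ->scalarPrototype()->end()
 ->end()
 ->arrayNode('allowed_link_hosts')
 ->info('Allows only a given list of hosts to be used in links href attributes.')
-->fixXmlConfig('allow-link-host')
 ->scalarPrototype()->end()
 ->end()
 ->booleanNode('allow_relative_links')
@@ -2197,12 +2225,10 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->end()
 ->arrayNode('allowed_media_schemes')
 ->info('Allows only a given list of schemes to be used in media source attributes (img, audio, video, ...).')
-->fixXmlConfig('allow-media-scheme')
 ->scalarPrototype()->end()
 ->end()
 ->arrayNode('allowed_media_hosts')
 ->info('Allows only a given list of hosts to be used in media source attributes (img, audio, video, ...).')
-->fixXmlConfig('allow-media-host')
 ->scalarPrototype()->end()
 ->end()
 ->booleanNode('allow_relative_medias')
@@ -2211,12 +2237,10 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->end()
 ->arrayNode('with_attribute_sanitizers')
 ->info('Registers custom attribute sanitizers.')
-->fixXmlConfig('with-attribute-sanitizer')
 ->scalarPrototype()->end()
 ->end()
 ->arrayNode('without_attribute_sanitizers')
 ->info('Unregisters custom attribute sanitizers.')
-->fixXmlConfig('without-attribute-sanitizer')
 ->scalarPrototype()->end()
 ->end()
 ->end()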
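Review bot: The validate added on the allow_elements prototype (new line 2159) only rejects values that are neither string nor array, so an array holding non-string entries passes while the message on 2160 promises "an array of strings"; tightening it to `->ifTrue(fn ($n): bool => !is_string($n) && (!is_array($n) || array_filter($n, is_string(...)) !== $n))` makes the check match the message. The allow_attributes and drop_attributes prototypes (new lines 2184–2198) receive the same beforeNormalization but no validate at all, so a value of an unexpected type reaches the extension unchecked; the same validate block belongs on both. The `isset($n['attribute']) ? $n['attribute'] : $n` and `isset($n['element']) ? $n['element'] : $n` closures can be shortened to `$n['attribute'] ?? $n` and `$n['element'] ?? $n` with identical behaviour. The info text on 2150 describes the value as a list of attributes or "*", but the example on 2151 (`'span' => 'class'`) also relies on a single attribute name given as a plain string, which the info should mention. addHtmlSanitizerSection continues outside the hunks.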

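--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -831,52 +831,53 @@
 
 <xsd:complexType name="sanitizer">
 <xsd:sequence>
-<xsd:element name="allow-element" type="allow-element" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
+<xsd:element name="allow-element" type="element-option" minOccurs="0" maxOccurs="unbounded" />
 <xsd:element name="block-element" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="drop-element" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
-<xsd:element name="allow-attribute" type="allow-attribute" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
-<xsd:element name="drop-attribute" type="drop-attribute" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
+<xsd:element name="allow-attribute" type="attribute-option" minOccurs="0" maxOccurs="unbounded" />
+<xsd:element name="drop-attribute" type="attribute-option" minOccurs="0" maxOccurs="unbounded" />
 <xsd:element name="force-attribute" type="force-attribute" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="allowed-link-scheme" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="allowed-link-host" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="allowed-media-scheme" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="allowed-media-host" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="with-attribute-sanitizer" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
-</xsd:sequence>
-<xsd:sequence>
 <xsd:element name="without-attribute-sanitizer" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
 </xsd:sequence>
+<xsd:attribute name="name" type="xsd:string" use="required" />
 <xsd:attribute name="allow-safe-elements" type="xsd:boolean" />
 <xsd:attribute name="allow-all-static-elements" type="xsd:boolean" />
 <xsd:attribute name="force-https-urls" type="xsd:boolean" />
 <xsd:attribute name="allow-relative-links" type="xsd:boolean" />
 <xsd:attribute name="allow-relative-medias" type="xsd:boolean" />
 </xsd:complexType>
 
-<xsd:complexType name="allow-element">
+<xsd:complexType name="element-option">
 <xsd:sequence>
 <xsd:element name="attribute" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
 </xsd:sequence>
-<xsd:attribute name="name" type="xsd:string" />
+<xsd:attribute name="name" type="xsd:string" use="required" />
+</xsd:complexType>
+
+<xsd:complexType name="attribute-option">
+<xsd:sequence>
+<xsd:element name="element" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
+</xsd:sequence>
+<xsd:attribute name="name" type="xsd:string" use="required" />
+</xsd:complexType>
+
+<xsd:complexType name="force-attribute">
+<xsd:sequence>
+<xsd:element name="attribute" minOccurs="0" maxOccurs="unbounded">
+<xsd:complexType>
+<xsd:simpleContent>
+<xsd:extension base="xsd:string">
+<xsd:attribute name="name" type="xsd:string" use="required"/>
+</xsd:extension>
+</xsd:simpleContent>
+</xsd:complexType>
+</xsd:element>
+</xsd:sequence>
+<xsd:attribute name="name" type="xsd:string" use="required" />
 </xsd:complexType>
 </xsd:schema>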

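--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -81,51 +81,6 @@
 ],
 ],
 'html_sanitizer' => [
-'default' => 'my.sanitizer',
-'sanitizers' => [
-'my.sanitizer' => [
-'allow_safe_elements' => true,
-'allow_all_static_elements' => true,
-'allow_elements' => [
-'custom-tag-1' => ['data-attr-1'],
-'custom-tag-2' => [],
-'custom-tag-3' => '*',
-],
-'block_elements' => [
-'custom-tag-4',
-],
-'drop_elements' => [
-'custom-tag-5',
-],
-'allow_attributes' => [
-'data-attr-2' => ['custom-tag-6'],
-'data-attr-3' => [],
-'data-attr-4' => '*',
-],
-'drop_attributes' => [
-'data-attr-5' => ['custom-tag-6'],
-'data-attr-6' => [],
-'data-attr-7' => '*',
-],
-'force_attributes' => [
-'custom-tag-7' => [
-'data-attr-8' => 'value',
-],
-],
-'force_https_urls' => true,
-'allowed_link_schemes' => ['http', 'https', 'mailto'],
-'allowed_link_hosts' => ['symfony.com'],
-'allow_relative_links' => true,
-'allowed_media_schemes' => ['http', 'https', 'data'],
-'allowed_media_hosts' => ['symfony.com'],
-'allow_relative_medias' => true,
-'with_attribute_sanitizers' => [
-'App\\Sanitizer\\CustomAttributeSanitizer',
-],
-'without_attribute_sanitizers' => [
-'App\\Sanitizer\\OtherCustomAttributeSanitizer',
-],
-],
-],
+'enabled' => true,
 ],
 ]);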
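--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,47 @@
+<?php
+
+$container->loadFromExtension('framework', [
+'html_sanitizer' => [
+'default' => 'my.sanitizer',
+'sanitizers' => [
+'my.sanitizer' => [
+'allow_safe_elements' => true,
+'allow_all_static_elements' => true,
+'allow_elements' => [
+'iframe' => 'src',
+'custom-tag' => ['data-attr', 'data-attr-1'],
+'custom-tag-2' => '*',
+],
+'block_elements' => ['section'],
+'drop_elements' => ['video'],
+'allow_attributes' => [
+'src' => ['iframe'],
+'data-attr' => '*',
+],
+'drop_attributes' => [
+'data-attr' => ['custom-tag'],
+'data-attr-1' => [],
+'data-attr-2' => '*',
+],
+'force_attributes' => [
+'a' => ['rel' => 'noopener noreferrer'],
+'h1' => ['class' => 'bp4-heading'],
+],
+'force_https_urls' => true,
+'allowed_link_schemes' => ['http', 'https', 'mailto'],
+'allowed_link_hosts' => ['symfony.com'],
+'allow_relative_links' => true,
+'allowed_media_schemes' => ['http', 'https', 'data'],
+'allowed_media_hosts' => ['symfony.com'],
+'allow_relative_medias' => true,
+'with_attribute_sanitizers' => [
+'App\\Sanitizer\\CustomAttributeSanitizer',
+],
+'without_attribute_sanitizers' => [
+'App\\Sanitizer\\OtherCustomAttributeSanitizer',
+],
+],
+'all.sanitizer' => null,
+],
+],
+]);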

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/html_sanitizer_default.php

Lines changed: 0 additions & 7 deletions
This file was deleted.

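--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -39,14 +39,4 @@
 </framework:default-context>
 </framework:serializer>
 <framework:property-info />
-<framework:html-sanitizer>
-<framework:format name="csv">
-<framework:mime-type>text/csv</framework:mime-type>
-<framework:mime-type>text/plain</framework:mime-type>
-</framework:format>
-<framework:format name="pdf">
-<framework:mime-type>application/pdf</framework:mime-type>
-</framework:format>
-</framework:html-sanitizer>
-</framework:config>
 </container>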
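Review bot: The deletion appears to run one line too far: old line 51 `</framework:config>` is removed together with the stray html-sanitizer block, yet `<framework:property-info />` on line 41 is still inside `<framework:config>`, which would leave that element unclosed before `</container>` — assuming the gutter on this rendered page reflects the hunk accurately. Keeping `</framework:config>` as the last line before `</container>` restores the balance and is what the new-side count (`+39,4` vs. the expected five lines) suggests is missing.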
