8000 minor #18378 [HtmlSanitizer] corrected what `force_https_urls` actual… · symfony/symfony-docs@e0f3554 · GitHub

Commit e0f3554

committed
minor #18378 [HtmlSanitizer] corrected what force_https_urls actually does (scuben)
This PR was merged into the 6.2 branch. Discussion ---------- [HtmlSanitizer] corrected what `force_https_urls` actually does As seen in the [code](https://github.com/symfony/html-sanitizer/blob/eae9b0a9ad7a2ed1963f819547d59ff99ad9e0fd/TextSanitizer/UrlSanitizer.php#L68-L71) this only converts `http://` to `https://` but does not change any other scheme. Commits ------- b9a74c0 correct usage of force_https_urls
2 parents 2c7aa8b + b9a74c0 commit e0f3554


1 file changed

+24
-16
lines changed


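--- a/html_sanitizer.rst
+++ b/html_sanitizer.rst
@@ -721,8 +721,9 @@ URLs of ``<a>`` elements:
 app.post_sanitizer:
 # ...
 
-# if `true`, all URLs will be forced using the `https://` scheme (instead
-# of e.g. `http://` or `mailto:`)
+# if `true`, all URLs using the `http://` scheme will be converted to
+# using the `https://` scheme instead. `http` still needs to be allowed
+# in `allowed_link_schemes`
 force_https_urls: true
 
 # specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -748,8 +749,9 @@ URLs of ``<a>`` elements:
 http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
 <framework:config>
-<!-- force-https-urls: if `true`, all URLs will be forced using the `https://`
-scheme (instead of e.g. `http://` or `mailto:`) -->
+<!-- force-https-urls: if `true`, all URLs using the `http://` scheme will be
+converted to using the `https://` scheme instead.
+`http` still needs to be allowed in `allowed-link-scheme` -->
 <!-- allow-relative-links: whether to allow relative links (i.e. URLs without
 scheme and host) -->
 <framework:html-sanitizer
@@ -777,8 +779,9 @@ URLs of ``<a>`` elements:
 return static function (FrameworkConfig $framework): void {
 $framework->htmlSanitizer()
 ->sanitizer('app.post_sanitizer')
-// if `true`, all URLs will be forced using the `https://` scheme (instead
-// of e.g. `http://` or `mailto:`)
+// if `true`, all URLs using the `http://` scheme will be converted to
+// using the `https://` scheme instead. `http` still needs to be
+// allowed in `allowedLinkSchemes`
 ->forceHttpsUrls(true)
 
 // specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -801,8 +804,9 @@ URLs of ``<a>`` elements:
 
 $postSanitizer = new HtmlSanitizer(
 (new HtmlSanitizerConfig())
-// if `true`, all URLs will be forced using the `https://` scheme (instead
-// of e.g. `http://` or `mailto:`)
+// if `true`, all URLs using the `http://` scheme will be converted to
+// using the `https://` scheme instead. `http` still needs to be
+// allowed in `allowedLinkSchemes`
 ->forceHttpsUrls()
 
 // specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -835,8 +839,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
 app.post_sanitizer:
 # ...
 
-# if `true`, all URLs will be forced using the `https://` scheme (instead
-# of e.g. `http://` or `data:`)
+# if `true`, all URLs using the `http://` scheme will be converted to
+# using the `https://` scheme instead. `http` still needs to be allowed
+# in `allowed_media_schemes`
 force_https_urls: true
 
 # specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -862,8 +867,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
 http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
 <framework:config>
-<!-- force-https-urls: if `true`, all URLs will be forced using the `https://`
-scheme (instead of e.g. `http://` or `data:`) -->
+<!-- force-https-urls: if `true`, all URLs using the `http://` scheme will be
+converted to using the `https://` scheme instead. `http`
+still needs to be allowed in `allowed-media-scheme` -->
 <!-- allow-relative-medias: whether to allow relative URLs (i.e. URLs without
 scheme and host) -->
 <framework:html-sanitizer
@@ -891,8 +897,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
 return static function (FrameworkConfig $framework): void {
 $framework->htmlSanitizer()
 ->sanitizer('app.post_sanitizer')
-// if `true`, all URLs will be forced using the `https://` scheme (instead
-// of e.g. `http://` or `data:`)
+// if `true`, all URLs using the `http://` scheme will be converted to
+// using the `https://` scheme instead. `http` still needs to be
+// allowed in `allowedMediaSchemes`
 ->forceHttpsUrls(true)
 
 // specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -915,8 +922,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
 
 $postSanitizer = new HtmlSanitizer(
 (new HtmlSanitizerConfig())
-// if `true`, all URLs will be forced using the `https://` scheme (instead
-// of e.g. `http://` or `data:`)
+// if `true`, all URLs using the `http://` scheme will be converted to
+// using the `https://` scheme instead. `http` still needs to be
+// allowed in `allowedMediaSchemes`
 ->forceHttpsUrls()
 
 // specifies the allowed URL schemes. If the URL has a different scheme, the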
