
Commit 213c03a

[FrameworkBundle][TwigBundle][Form] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer
1 parent 6bed67f commit 213c03a

17 files changed

+159
-43
lines changed

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <[email protected]>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Bridge\Twig\Extension;
13+
14+
use Psr\Container\ContainerInterface;
15+
use Twig\Extension\AbstractExtension;
16+
use Twig\TwigFilter;
17+
18+
/**
19+
* @author Titouan Galopin <[email protected]>
20+
*/
21+
final class HtmlSanitizerExtension extends AbstractExtension
22+
{
23+
public function __construct(
24+
private ContainerInterface $sanitizers,
25+
private string $defaultName = 'default',
26+
) {
27+
}
28+
29+
public function getFilters(): array
30+
{
31+
return [
32+
new TwigFilter('sanitize_html', $this->sanitize(...), ['is_safe' => ['html']]),
33+
];
34+
}
35+
36+
public function sanitize(string $html, string $sanitizer = null): string
37+
{
38+
return $this->sanitizers->get($sanitizer ?? $this->defaultName)->sanitize($html);
39+
}
40+
}
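Review bot: `sanitize()` on line 36 declares its optional argument as `string $sanitizer = null`, relying on implicit nullability; the explicit form `public function sanitize(string $html, ?string $sanitizer = null): string` states the contract and matches the `??` fallback on the next line. Because the filter is registered with `'is_safe' => ['html']`, Twig will not autoescape its result, so the only thing this method may ever return is the sanitizer's output; a one-line docblock on `sanitize` making that explicit, such as `Returns sanitized HTML; the result is marked safe for the html context and is not autoescaped again.`, would protect that invariant from a later "helpful" change. An unknown sanitizer name reaches `$this->sanitizers->get()` unguarded and surfaces as a container exception at render time, which is acceptable if the locator is built from the `html_sanitizer` tag, but worth a short comment.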

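--- a/src/Symfony/Bridge/Twig/UndefinedCallableHandler.php
+++ b/src/Symfony/Bridge/Twig/UndefinedCallableHandler.php
@@ -24,6 +24,7 @@ class UndefinedCallableHandler
 private const FILTER_COMPONENTS = [
 'humanize' => 'form',
 'trans' => 'translation',
+'sanitize_html' => 'html-sanitizer',
 'yaml_encode' => 'yaml',
 'yaml_dump' => 'yaml',
 ];
@@ -61,6 +62,7 @@ class UndefinedCallableHandler
 ];
 
 private const FULL_STACK_ENABLE = [
+'html-sanitizer' => 'enable "framework.html_sanitizer"',
 'form' => 'enable "framework.form"',
 'security-core' => 'add the "SecurityBundle"',
 'security-http' => 'add the "SecurityBundle"',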

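--- a/src/Symfony/Bridge/Twig/composer.json
+++ b/src/Symfony/Bridge/Twig/composer.json
@@ -28,6 +28,7 @@
 "symfony/dependency-injection": "^5.4|^6.0",
 "symfony/finder": "^5.4|^6.0",
 "symfony/form": "^6.1",
+"symfony/html-sanitizer": "^6.1",
 "symfony/http-foundation": "^5.4|^6.0",
 "symfony/http-kernel": "^5.4|^6.0",
 "symfony/intl": "^5.4|^6.0",
@@ -65,6 +66,7 @@
 "symfony/finder": "",
 "symfony/asset": "For using the AssetExtension",
 "symfony/form": "For using the FormExtension",
+"symfony/html-sanitizer": "For using the HtmlSanitizerExtension",
 "symfony/http-kernel": "For using the HttpKernelExtension",
 "symfony/routing": "For using the RoutingExtension",
 "symfony/translation": "For using the TranslationExtension",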

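--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/UnusedTagsPass.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/UnusedTagsPass.php
@@ -49,6 +49,7 @@ class UnusedTagsPass implements CompilerPassInterface
 'form.type',
 'form.type_extension',
 'form.type_guesser',
+'html_sanitizer',
 'http_client.client',
 'kernel.cache_clearer',
 'kernel.cache_warmer',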

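--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -2129,10 +2129,6 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
 ->{$enableIfStandalone('symfony/html-sanitizer', HtmlSanitizerInterface::class)}()
 ->fixXmlConfig('sanitizer')
 ->children()
-->scalarNode('default')
-->defaultNull()
-->info('Default sanitizer to use when injecting without named binding.')
-->end()
 ->arrayNode('sanitizers')
 ->useAttributeAsKey('name')
 ->arrayPrototype()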
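Review bot: With the `default` scalar node gone, the only remaining way for an application to change which sanitizer backs the `HtmlSanitizerInterface` alias is to declare an entry named `default` under `sanitizers`, which presumably replaces the built-in `html_sanitizer.sanitizer.default` service registered in Resources/config/html_sanitizer.php (see `registerHtmlSanitizerConfiguration` in FrameworkExtension.php in this same commit); that convention is not stated anywhere in the configuration tree. The `sanitizers` node just below this hunk should carry (or extend) an `info()` saying so, e.g. `->info('Named sanitizers; an entry named "default" replaces the built-in default sanitizer.')`. `addHtmlSanitizerSection` starts and ends outside the hunk.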

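--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -485,6 +485,9 @@ public function load(array $configs, ContainerBuilder $container)
 $container->removeDefinition('form.type_extension.form.validator');
 $container->removeDefinition('form.type_guesser.validator');
 }
+if (!$this->isConfigEnabled($container, $config['html_sanitizer'])) {
+$container->removeDefinition('form.type_extension.form.html_sanitizer');
+}
 } else {
 $container->removeDefinition('console.command.form_debug');
 }
@@ -2740,13 +2743,14 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
 
 // Create the sanitizer and link its config
 $sanitizerId = 'html_sanitizer.sanitizer.'.$sanitizerName;
-$container->register($sanitizerId, HtmlSanitizer::class)->addArgument(new Reference($configId));
+$container->register($sanitizerId, HtmlSanitizer::class)
+->addTag('html_sanitizer', ['sanitizer' => $sanitizerName])
+->addArgument(new Reference($configId));
 
-$container->registerAliasForArgument($sanitizerId, HtmlSanitizerInterface::class, $sanitizerName);
+if ('default' !== $sanitizerName) {
+$container->registerAliasForArgument($sanitizerId, HtmlSanitizerInterface::class, $sanitizerName);
+}
 }
-
-$default = $config['default'] ? 'html_sanitizer.sanitizer.'.$config['default'] : 'html_sanitizer';
-$container->setAlias(HtmlSanitizerInterface::class, new Reference($default));
 }
 
 private function resolveTrustedHeaders(array $headers): int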
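Review bot: The new `if ('default' !== $sanitizerName)` guard around `registerAliasForArgument` carries no comment explaining why the default sanitizer is excluded, and the reason is not visible in this hunk; presumably `html_sanitizer.sanitizer.default` is already reachable through the `html_sanitizer` and `HtmlSanitizerInterface` aliases declared in Resources/config/html_sanitizer.php, so a `HtmlSanitizerInterface $default` argument alias would be redundant. A why-comment such as `// the "default" sanitizer is exposed through the HtmlSanitizerInterface alias itself; no named-argument alias needed` would keep the next reader from dropping the guard. The comment above `$container->register($sanitizerId, ...)` should also say that a user-defined sanitizer named `default` replaces the built-in definition, since with the `default` config option removed that is the only override path left. `registerHtmlSanitizerConfiguration` begins before this hunk.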

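--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.php
@@ -19,10 +19,12 @@
 use Symfony\Component\Form\Extension\Core\Type\FileType;
 use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\Extension\Core\Type\TransformationFailureExtension;
 use Symfony\Component\Form\Extension\DependencyInjection\DependencyInjectionExtension;
 use Symfony\Component\Form\Extension\HttpFoundation\HttpFoundationRequestHandler;
 use Symfony\Component\Form\Extension\HttpFoundation\Type\FormTypeHttpFoundationExtension;
+use Symfony\Component\Form\Extension\HttpFoundation\Type\TextTypeHtmlSanitizerExtension;
 use Symfony\Component\Form\Extension\Validator\Type\FormTypeValidatorExtension;
 use Symfony\Component\Form\Extension\Validator\Type\RepeatedTypeValidatorExtension;
 use Symfony\Component\Form\Extension\Validator\Type\SubmitTypeValidatorExtension;
@@ -113,6 +115,10 @@
 ->args([service('translator')->ignoreOnInvalid()])
 ->tag('form.type_extension', ['extended-type' => FormType::class])
 
+->set('form.type_extension.form.html_sanitizer', TextTypeHtmlSanitizerExtension::class)
+->args([tagged_locator('html_sanitizer', 'sanitizer')])
+->tag('form.type_extension', ['extended-type' => TextType::class])
+
 ->set('form.type_extension.form.http_foundation', FormTypeHttpFoundationExtension::class)
 ->args([service('form.type_extension.form.request_handler')])
 ->tag('form.type_extension')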
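Review bot: `TextTypeHtmlSanitizerExtension` is imported from `Symfony\Component\Form\Extension\HttpFoundation\Type`, yet nothing about it relates to HttpFoundation; the surrounding extensions are grouped by the component they bridge to (`Validator`, `HttpFoundation`, `DependencyInjection`), so a dedicated `Extension\HtmlSanitizer\Type` namespace would fit the existing layout and make the optional `symfony/html-sanitizer` dependency obvious from the path. The class itself is among the files not shown on this page, so its contents could not be reviewed here.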

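--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/html_sanitizer.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/html_sanitizer.php
@@ -13,13 +13,18 @@
 
 use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
 use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
 
 return static function (ContainerConfigurator $container) {
 $container->services()
-->set('html_sanitizer.config', HtmlSanitizerConfig::class)
+->set('html_sanitizer.config.default', HtmlSanitizerConfig::class)
 ->call('allowSafeElements')
 
-->set('html_sanitizer', HtmlSanitizer::class)
+->set('html_sanitizer.sanitizer.default', HtmlSanitizer::class)
 ->args([service('html_sanitizer.config')])
+->tag('html_sanitizer', ['name' => 'default'])
+
+->alias('html_sanitizer', 'html_sanitizer.sanitizer.default')
+->alias(HtmlSanitizerInterface::class, 'html_sanitizer')
 ;
 };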
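Review bot: The kept line `->args([service('html_sanitizer.config')])` still points at the old id although this hunk renames that service to `html_sanitizer.config.default`, so unless an alias for `html_sanitizer.config` is registered somewhere not shown, container compilation will fail with a missing-service error; it should read `->args([service('html_sanitizer.config.default')])`. The tag on the built-in sanitizer also uses a different attribute than the rest of the commit: `->tag('html_sanitizer', ['name' => 'default'])` here versus `->addTag('html_sanitizer', ['sanitizer' => $sanitizerName])` in FrameworkExtension.php and `tagged_locator('html_sanitizer', 'sanitizer')` in Resources/config/form.php. With the `sanitizer` attribute absent the locator index presumably falls back to the service id, so the default sanitizer would not be reachable under the key `default` that both the form extension and the Twig filter's `$this->defaultName` fall back to; change it to `->tag('html_sanitizer', ['sanitizer' => 'default'])`.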

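--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -826,7 +826,6 @@
 <xsd:element name="sanitizer" type="sanitizer" minOccurs="0" maxOccurs="unbounded" />
 </xsd:sequence>
 <xsd:attribute name="enabled" type="xsd:boolean" />
-<xsd:attribute name="default" type="xsd:string" />
 </xsd:complexType>
 
 <xsd:complexType name="sanitizer">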

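--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -652,7 +652,6 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
 ],
 'html_sanitizer' => [
 'enabled' => !class_exists(FullStack::class) && class_exists(HtmlSanitizer::class),
-'default' => null,
 'sanitizers' => [],
 ],
 'exceptions' => [],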
