[HtmlSanitizer] Add blockBodyElements that will block all known elements by default. #49920
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stof
reviewed
Apr 4, 2023
| } | ||
|
|
||
| if ($sanitizerConfig['block_body_elements']) { | ||
| $def->addMethodCall('blockBodyElements', [], true); |
Member
There was a problem hiding this comment.
shouldn't this be done before the calls to allow safe or static elements, in case both are enabled ?
Member
|
@Neirda24 Any feedback? |
Contributor
Author
|
hey. Sorry forgot about this one. I'll get back on it as soon as I'm done with the feature flag one. |
fabpot
added a commit
that referenced
this pull request
Jun 29, 2024
…t action (Seldaek) This PR was merged into the 7.2 branch. Discussion ---------- [HtmlSanitizer] Add support for configuring the default action | Q | A | ------------- | --- | Branch? | 7.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Issues | Fix #48358 | License | MIT The default action can be set to block or allow unconfigured elements instead of dropping them Kinda replaces #49920 but it would need some work on the configuration handling side to allow configuring default actions. I am just using this as a library so I am not so keen on doing that part sorry but maybe `@Neirda24` might want to take care of it if this PR gets accepted. Commits ------- 4fd1c4c [HtmlSanitizer] Add support for configuring the default action to block or allow unconfigured elements instead of dropping them
Member
|
Let me close as stalled. Feel free to resubmit if you need this again. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a way to block all body elements. Currently without any setup, the
purgemode is the default.Without the framework :
With the framework :