Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[HtmlSanitizer] Add blockBodyElements that will block all known elements by default.#49920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
Neirda24 wants to merge1 commit intosymfony:7.4
base:7.4
Choose a base branch
Loading
fromNeirda24:ticket_48358-html_sanitizer-add-block_all_elements

Conversation

Neirda24
Copy link
Contributor

QA
Branch?6.3
Bug fix?no
New feature?yes
Deprecations?no
TicketsFix#48358
LicenseMIT
Doc PRTBD

Add a way to block all body elements. Currently without any setup, thepurge mode is the default.
Without the framework :

$config = (newHtmlSanitizerConfig())    ->blockBodyElements();

With the framework :

framework:html_sanitizer:sanitizers:default:block_body_elements:true

@@ -2931,6 +2931,10 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
$def->addMethodCall('allowStaticElements', [], true);
}

if ($sanitizerConfig['block_body_elements']) {
$def->addMethodCall('blockBodyElements', [], true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

shouldn't this be donebefore the calls to allow safe or static elements, in case both are enabled ?

@nicolas-grekasnicolas-grekas modified the milestones:6.3,6.4May 23, 2023
@fabpot
Copy link
Member

@Neirda24 Any feedback?

@Neirda24
Copy link
ContributorAuthor

hey. Sorry forgot about this one. I'll get back on it as soon as I'm done with the feature flag one.

@nicolas-grekasnicolas-grekas modified the milestones:6.4,7.1Nov 15, 2023
@xabbuhxabbuh modified the milestones:7.1,7.2May 15, 2024
fabpot added a commit that referenced this pull requestJun 29, 2024
…t action (Seldaek)This PR was merged into the 7.2 branch.Discussion----------[HtmlSanitizer] Add support for configuring the default action| Q             | A| ------------- | ---| Branch?       | 7.2| Bug fix?      | no| New feature?  | yes| Deprecations? | no| Issues        |Fix#48358| License       | MITThe default action can be set to block or allow unconfigured elements instead of dropping themKinda replaces#49920 but it would need some work on the configuration handling side to allow configuring default actions. I am just using this as a library so I am not so keen on doing that part sorry but maybe `@Neirda24` might want to take care of it if this PR gets accepted.Commits-------4fd1c4c [HtmlSanitizer] Add support for configuring the default action to block or allow unconfigured elements instead of dropping them
@fabpotfabpot modified the milestones:7.2,7.3Nov 20, 2024
@fabpotfabpot modified the milestones:7.3,7.4May 26, 2025
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@stofstofstof left review comments

@tgalopintgalopinAwaiting requested review from tgalopin

Assignees
No one assigned
Projects
None yet
Milestone
7.4
Development

Successfully merging this pull request may close these issues.

[HtmlSanitizer] Add a blockAll helper
6 participants
@Neirda24@fabpot@stof@nicolas-grekas@xabbuh@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp