Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.3k
Closed
Description
Hey, we just implemented the new HTML Sanitizer feature the first time and stumbled upon some not-working examples in the doctmentation:
https://symfony.com/doc/current/html_sanitizer.html#drop-attributes
The PHP-config examples state for some settings that a fluent interface is used, where the "Standalone Use" example show the actual variants with two parameters. For example theallowAttribute settings:
// that does not work:// config/packages/framework.phpuseSymfony\Config\FrameworkConfig;returnstaticfunction (FrameworkConfig$framework) {$framework->htmlSanitizer() ->sanitizer('app.post_sanitizer')// allow "src' on <iframe> elements ->allowAttribute('src') ->element('iframe')// allow "data-attr" on all elements currently allowed ->allowAttribute('data-attr') ->element('*') ;};// that does work, like it is shown in the "Standalone Use" example:// config/packages/framework.phpuseSymfony\Config\FrameworkConfig;returnstaticfunction (FrameworkConfig$framework) {$framework->htmlSanitizer() ->sanitizer('app.post_sanitizer')// allow "src' on <iframe> elements ->allowAttribute('src', ['iframe'})// allow "data-attr" on all elements currently allowed ->allowAttribute('data-attr','*') ;};
Maybe that fluent interface came from a previous state and was removed later.