Skip to content

Commit 76b353b

Browse files
javiereguiluzjaviereguiluz
committed
Merge branch '6.2' into 6.3
* 6.2: correct usage of force_https_urls
2 parents 457b15d + e821cb0 commit 76b353b

File tree

1 file changed

+24
-16
lines changed

1 file changed

+24
-16
lines changed

html_sanitizer.rst

Lines changed: 24 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -721,8 +721,9 @@ URLs of ``<a>`` elements:
721721
app.post_sanitizer:
722722
# ...
723723
724-
# if `true`, all URLs will be forced using the `https://` scheme (instead
725-
# of e.g. `http://` or `mailto:`)
724+
# if `true`, all URLs using the `http://` scheme will be converted to
725+
# use the `https://` scheme instead. `http` still needs to be allowed
726+
# in `allowed_link_schemes`
726727
force_https_urls: true
727728
728729
# specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -748,8 +749,9 @@ URLs of ``<a>`` elements:
748749
http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
749750
750751
<framework:config>
751-
<!-- force-https-urls: if `true`, all URLs will be forced using the `https://`
752-
scheme (instead of e.g. `http://` or `mailto:`) -->
752+
<!-- force-https-urls: if `true`, all URLs using the `http://` scheme will be
753+
converted to use the `https://` scheme instead.
754+
`http` still needs to be allowed in `allowed-link-scheme` -->
753755
<!-- allow-relative-links: whether to allow relative links (i.e. URLs without
754756
scheme and host) -->
755757
<framework:html-sanitizer
@@ -777,8 +779,9 @@ URLs of ``<a>`` elements:
777779
return static function (FrameworkConfig $framework): void {
778780
$framework->htmlSanitizer()
779781
->sanitizer('app.post_sanitizer')
780-
// if `true`, all URLs will be forced using the `https://` scheme (instead
781-
// of e.g. `http://` or `mailto:`)
782+
// if `true`, all URLs using the `http://` scheme will be converted to
783+
// use the `https://` scheme instead. `http` still needs to be
784+
// allowed in `allowedLinkSchemes`
782785
->forceHttpsUrls(true)
783786
784787
// specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -801,8 +804,9 @@ URLs of ``<a>`` elements:
801804
802805
$postSanitizer = new HtmlSanitizer(
803806
(new HtmlSanitizerConfig())
804-
// if `true`, all URLs will be forced using the `https://` scheme (instead
805-
// of e.g. `http://` or `mailto:`)
807+
// if `true`, all URLs using the `http://` scheme will be converted to
808+
// use the `https://` scheme instead. `http` still needs to be
809+
// allowed in `allowedLinkSchemes`
806810
->forceHttpsUrls()
807811
808812
// specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -835,8 +839,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
835839
app.post_sanitizer:
836840
# ...
837841
838-
# if `true`, all URLs will be forced using the `https://` scheme (instead
839-
# of e.g. `http://` or `data:`)
842+
# if `true`, all URLs using the `http://` scheme will be converted to
843+
# use the `https://` scheme instead. `http` still needs to be allowed
844+
# in `allowed_media_schemes`
840845
force_https_urls: true
841846
842847
# specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -862,8 +867,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
862867
http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
863868
864869
<framework:config>
865-
<!-- force-https-urls: if `true`, all URLs will be forced using the `https://`
866-
scheme (instead of e.g. `http://` or `data:`) -->
870+
<!-- force-https-urls: if `true`, all URLs using the `http://` scheme will be
871+
converted to use the `https://` scheme instead. `http`
872+
still needs to be allowed in `allowed-media-scheme` -->
867873
<!-- allow-relative-medias: whether to allow relative URLs (i.e. URLs without
868874
scheme and host) -->
869875
<framework:html-sanitizer
@@ -891,8 +897,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
891897
return static function (FrameworkConfig $framework): void {
892898
$framework->htmlSanitizer()
893899
->sanitizer('app.post_sanitizer')
894-
// if `true`, all URLs will be forced using the `https://` scheme (instead
895-
// of e.g. `http://` or `data:`)
900+
// if `true`, all URLs using the `http://` scheme will be converted to
901+
// use the `https://` scheme instead. `http` still needs to be
902+
// allowed in `allowedMediaSchemes`
896903
->forceHttpsUrls(true)
897904
898905
// specifies the allowed URL schemes. If the URL has a different scheme, the
@@ -915,8 +922,9 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
915922
916923
$postSanitizer = new HtmlSanitizer(
917924
(new HtmlSanitizerConfig())
918-
// if `true`, all URLs will be forced using the `https://` scheme (instead
919-
// of e.g. `http://` or `data:`)
925+
// if `true`, all URLs using the `http://` scheme will be converted to
926+
// use the `https://` scheme instead. `http` still needs to be
927+
// allowed in `allowedMediaSchemes`
920928
->forceHttpsUrls()
921929
922930
// specifies the allowed URL schemes. If the URL has a different scheme, the

0 commit comments

Comments
 (0)