Skip to content

Commit af6703c

Browse files
xabbuhxabbuh
committed
Merge branch '6.3' into 6.4
* 6.3: [HtmlSanitizer] fix PHP config examples
2 parents 5e4143e + 408dd54 commit af6703c

File tree

1 file changed

+8
-9
lines changed

1 file changed

+8
-9
lines changed

html_sanitizer.rst

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -370,7 +370,7 @@ attributes from the `W3C Standard Proposal`_ are allowed.
370370
->allowElement('img', 'src')
371371
372372
// allow the <h1> element with all safe attributes
373-
->allowElement('h1')
373+
->allowElement('h1', '*')
374374
;
375375
};
376376
@@ -611,14 +611,13 @@ This option allows you to disallow attributes that were allowed before.
611611
$framework->htmlSanitizer()
612612
->sanitizer('app.post_sanitizer')
613613
// allow the "data-attr" on all safe elements...
614-
->allowAttribute('data-attr')
615-
->element('*')
614+
->allowAttribute('data-attr', '*')
616615
617616
// ...except for the <section> element
618617
->dropAttribute('data-attr', ['section'])
619618
620619
// disallows "style' on any allowed element
621-
->dropAttribute('style')
620+
->dropAttribute('style', '*')
622621
;
623622
};
624623
@@ -630,13 +629,13 @@ This option allows you to disallow attributes that were allowed before.
630629
$postSanitizer = new HtmlSanitizer(
631630
(new HtmlSanitizerConfig())
632631
// allow the "data-attr" on all safe elements...
633-
->allowAttribute('data-attr')
632+
->allowAttribute('data-attr', '*')
634633
635634
// ...except for the <section> element
636635
->dropAttribute('data-attr', ['section'])
637636
638637
// disallows "style' on any allowed element
639-
->dropAttribute('style')
638+
->dropAttribute('style', '*')
640639
);
641640
642641
Force Attribute Values
@@ -688,7 +687,7 @@ element (even if the original one didn't contain a ``rel`` attribute):
688687
return static function (FrameworkConfig $framework): void {
689688
$framework->htmlSanitizer()
690689
->sanitizer('app.post_sanitizer')
691-
->forceAttribute('a', 'rel', 'noopener noreferrer')
690+
->forceAttribute('a', ['rel' => 'noopener noreferrer'])
692691
;
693692
};
694693
@@ -793,7 +792,7 @@ URLs of ``<a>`` elements:
793792
// specifies the allowed hosts, the attribute will be dropped if the
794793
// URL contains a different host. Subdomains are allowed: e.g. the following
795794
// config would also allow 'www.symfony.com', 'live.symfony.com', etc.
796-
->allowedLinkHost('symfony.com')
795+
->allowedLinkHosts(['symfony.com'])
797796
798797
// whether to allow relative links (i.e. URLs without scheme and host)
799798
->allowRelativeLinks(true)
@@ -912,7 +911,7 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
912911
913912
// specifies the allowed hosts, the attribute will be dropped if the URL
914913
// contains a different host which is not a subdomain of the allowed host
915-
->allowedMediaHost('symfony.com') // Also allows any subdomain (i.e. www.symfony.com)
914+
->allowedMediaHosts(['symfony.com']) // Also allows any subdomain (i.e. www.symfony.com)
916915
917916
// whether to allow relative URLs (i.e. URLs without scheme and host)
918917
->allowRelativeMedias(true)

0 commit comments

Comments
 (0)