FOSCommentBundle allows you to use ExerciseHTMLPurifierBundle to sanitise HTML entered into comments.
** Note: **
Letting users post HTML directly without appropriate safety measures can lead to XSS attacks. Be careful with your HTMLPurifier configuration!
FOSCommentBundle does not automatically define the parsing bridge service for HTMLPurifier. You will need to do this in your application configuration.
Additionally, you are required to tell FOSCommentBundle about this markup class so that it knows to use it. Both requirements are listed in the code block below
# app/config/config.yml
services:
# ...
markup.exercise_html_purifier:
class: FOS\CommentBundle\Markup\HtmlPurifier
arguments: [ @exercise_html_purifier.default ]
# ...
fos_comment:
# ...
service:
markup: markup.exercise_html_purifier
# ...You are able to define different configurations for HTMLPurifierBundle, just change the argument given to the parser bridge to reflect the new HTMLPurifier configuration you have created. More information on this can be found at ExerciseHTMLPurifierBundle's documentation