Merge branch 'fix-xss-56' into release-xss-56

app/bundles/ApiBundle/Form/Type/ClientType.php

@@ -73,7 +73,7 @@ public function __construct(
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber([]));
         $builder->addEventSubscriber(new FormExitSubscriber('api.client', $options));
 
         if (!$options['data']->getId()) {

app/bundles/CategoryBundle/Form/Type/CategoryType.php

@@ -37,7 +37,7 @@ public function __construct(Session $session)
 
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber([]));
         $builder->addEventSubscriber(new FormExitSubscriber('category.category', $options));
 
         if (!$options['data']->getId()) {

app/bundles/LeadBundle/Form/Type/CompanyType.php

@@ -13,6 +13,7 @@
 
 use Doctrine\ORM\EntityManager;
 use Mautic\CoreBundle\Form\DataTransformer\IdToEntityModelTransformer;
+use Mautic\CoreBundle\Form\EventListener\CleanFormSubscriber;
 use Mautic\CoreBundle\Form\Type\FormButtonsType;
 use Mautic\LeadBundle\Entity\Company;
 use Mautic\UserBundle\Entity\User;
@@ -56,7 +57,8 @@ public function __construct(EntityManager $entityManager, RouterInterface $route
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $this->getFormFields($builder, $options, 'company');
+        $cleaningRules                 = $this->getFormFields($builder, $options, 'company');
+        $cleaningRules['companyemail'] = 'email';
 
         $transformer = new IdToEntityModelTransformer($this->em, User::class);
 
@@ -138,6 +140,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                 ],
             ]
         );
+
+        $builder->addEventSubscriber(new CleanFormSubscriber($cleaningRules));
     }
 
     /**

app/bundles/UserBundle/Form/Type/PasswordResetConfirmType.php

@@ -27,7 +27,7 @@ class PasswordResetConfirmType extends AbstractType
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber([]));
 
         $builder->add(
             'identifier',

app/bundles/UserBundle/Form/Type/PasswordResetType.php

@@ -25,7 +25,7 @@ class PasswordResetType extends AbstractType
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber([]));
 
         $builder->add(
             'identifier',

app/bundles/UserBundle/Form/Type/UserType.php

@@ -65,7 +65,7 @@ public function __construct(
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber(['signature' => 'html', 'email' => 'email']));
         $builder->addEventSubscriber(new FormExitSubscriber('user.user', $options));
 
         $builder->add(

plugins/MauticSocialBundle/Form/Type/MonitoringType.php

@@ -40,7 +40,7 @@ public function __construct(MonitoringModel $monitoringModel)
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $builder->addEventSubscriber(new CleanFormSubscriber());
+        $builder->addEventSubscriber(new CleanFormSubscriber(['description' => 'html']));
 
         $builder->add('title', TextType::class, [
             'label'      => 'mautic.core.name',