Migrate from HTMLPurifier to html-sanitizer #943
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gmsantos
reviewed
Feb 5, 2019
|
|
||
| public function __construct() | ||
| public function __construct(SanitizerInterface $sanitizer) | ||
| { | ||
| $this->parser = new \Parsedown(); |
There was a problem hiding this comment.
it's just a nail-care, but Parsedown could be moved to constructor too?
There was a problem hiding this comment.
I thought about it and thought it actually shouldn't be part of this PR, as it's not the same aim. I can definitely do another PR with a service for the parser though.
|
Thanks Titouan for this proposal. The new library looks indeed better! I made two quick profiles before/after making this change and performance improvements are nice too:
|
|
Thank you Titouan. |
javiereguiluz
added a commit
that referenced
this pull request
Feb 15, 2019
This PR was merged into the master branch. Discussion ---------- Migrate from HTMLPurifier to html-sanitizer I would like to propose the usage of html-sanitizer in remplacement of HTMLPurifier. html-sanitizer is well integrated in modern Symfony applications (autowiring / autoconfiguration), it is better suited than HTMLPurifier to sanitize user inputs such as Markdown, it is faster and it creates HTML that's simpler and easier to understand. It is also IMO easier to extends and configure. Commits ------- 13c5b03 Migrate from HTMLPurifier to html-sanitizer
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I would like to propose the usage of html-sanitizer in remplacement of HTMLPurifier.
html-sanitizer is well integrated in modern Symfony applications (autowiring / autoconfiguration), it is better suited than HTMLPurifier to sanitize user inputs such as Markdown, it is faster and it creates HTML that's simpler and easier to understand. It is also IMO easier to extends and configure.