Merge branch '6.4' into 7.0

* 6.4: initialize the current time with midnight before modifying the date fix tests [HtmlSanitizer] Ignore Processing Instructions
symfony · Apr 11, 2024 · 1e465d3 · 1e465d3
2 parents a8543ad + bc4f7c4
commit 1e465d3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/Tests/HtmlSanitizerAllTest.php b/Tests/HtmlSanitizerAllTest.php
@@ -309,6 +309,12 @@ public static function provideSanitizeBody()
                 'Lorem ipsum  ',
             ],
 
+            // Processing instructions
+            [
+                'Lorem ipsum<?div x?>foo',
+                'Lorem ipsumfoo',
+            ],
+
             // Normal tags
             [
                 '<abbr>Lorem ipsum</abbr>',

diff --git a/Visitor/DomVisitor.php b/Visitor/DomVisitor.php
@@ -134,9 +134,10 @@ private function visitChildren(\DOMNode $domNode, Cursor $cursor): void
             if ('#text' === $child->nodeName) {
                 // Add text directly for performance
                 $cursor->node->addChild(new TextNode($cursor->node, $child->nodeValue));
-            } elseif (!$child instanceof \DOMText) {
+            } elseif (!$child instanceof \DOMText && !$child instanceof \DOMProcessingInstruction) {
                 // Otherwise continue the visit recursively
                 // Ignore comments for security reasons (interpreted differently by browsers)
+                // Ignore processing instructions (treated as comments)
                 $this->visitNode($child, $cursor);
             }
         }