minor #52324 [HtmlSanitizer] Consider width attribute as safe (cedr…

…ic-anne) This PR was merged into the 6.3 branch. Discussion ---------- [HtmlSanitizer] Consider `width` attribute as safe | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #50153 | License | MIT Consider the HTML attribute `width` to be safe, as attribute `height` already is. Commits ------- 827bd6a [HtmlSanitizer] Consider `width` attribute as safe
symfony · Oct 27, 2023 · b691eba · b691eba
2 parents 798a36a + 827bd6a
commit b691eba
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/Symfony/Component/HtmlSanitizer/Reference/W3CReference.php b/src/Symfony/Component/HtmlSanitizer/Reference/W3CReference.php
@@ -394,7 +394,7 @@ final class W3CReference
         'vlink' => false,
         'vspace' => true,
         'webkitdirectory' => true,
-        'width' => false,
+        'width' => true,
         'wrap' => true,
     ];
 }
diff --git a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
@@ -427,8 +427,8 @@ public static function provideSanitizeBody()
                 '<hr />',
             ],
             [
-                '<img src="/img/example.jpg" alt="Image alternative text" title="Image title">',
-                '<img src="/img/example.jpg" alt="Image alternative text" title="Image title" />',
+                '<img src="/img/example.jpg" alt="Image alternative text" title="Image title" height="150" width="300">',
+                '<img src="/img/example.jpg" alt="Image alternative text" title="Image title" height="150" width="300" />',
             ],
             [
                 '<img src="http://trusted.com/img/example.jpg" alt="Image alternative text" title="Image title" />',