feature #46335 [Form][FrameworkBundle][TwigBundle] Add Twig filter, f…
…orm-type extension and improve service definitions for HtmlSanitizer (nicolas-grekas) This PR was merged into the 6.1 branch. Discussion ---------- [Form][FrameworkBundle][TwigBundle] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer | Q | A | ------------- | --- | Branch? | 6.1 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - This PR borrows the twig filter and the form-type extension from https://github.com/tgalopin/html-sanitizer-bundle/ Given the form builder (the input), it allows doing: ```php $builder ->add('content', TextareaType::class, ['sanitize_html' => true]) ; ``` And on the template side (the output), it allows doing: ```jinja <div> {{ html|sanitize_html }} </div> ``` In order to be able to wire the corresponding services, I had to change the way html-sanitizer is wired by framework-bundle: What we need here is a default name that we can rely on. By making the default name configurable, the current way to configure html_sanitizer makes it hard for other bundles (twig-bundle here) to know what the default name is. Eg here I would have to make the bundle read the config settings of framework-bundle. I solved this issue by making the default name non-configurable - aka I'm creating a convention: the default name is "default", and this "default" sanitizer is the one aliased to the html_sanitizer service, or to the non-named autowiring alias. I'm submitting this PR to 6.1 because html-sanitizer is new. If we prefer merging this in 6.2, the updated service wiring must be merged into 6.1 at least. Commits ------- 0ea89e5 [FrameworkBundle][TwigBundle][Form] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer
Showing
21 changed files
with
312 additions
and
43 deletions.
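--- a/src/Symfony/Bridge/Twig/Extension/HtmlSanitizerExtension.php
+++ b/src/Symfony/Bridge/Twig/Extension/HtmlSanitizerExtension.php
@@ -0,0 +1,40 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Bridge\Twig\Extension;
+
+use Psr\Container\ContainerInterface;
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+/**
+* @author Titouan Galopin <galopintitouan@gmail.com>
+*/
+final class HtmlSanitizerExtension extends AbstractExtension
+{
+public function __construct(
+private ContainerInterface $sanitizers,
+private string $defaultSanitizer = 'default',
+) {
+}
+
+public function getFilters(): array
+{
+return [
+new TwigFilter('sanitize_html', $this->sanitize(...), ['is_safe' => ['html']]),
+];
+}
+
+public function sanitize(string $html, string $sanitizer = null): string
+{
+return $this->sanitizers->get($sanitizer ?? $this->defaultSanitizer)->sanitize($html);
+}
+}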
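Review bot: `sanitize()` declares `string $sanitizer = null`, an implicitly nullable parameter; it should be spelled `?string $sanitizer = null` so the accepted contract (a sanitizer name or nothing) is explicit in the signature. The `['is_safe' => ['html']]` option on the `sanitize_html` filter switches off Twig's autoescaping for the filter's result, which is the whole point of the filter but is not obvious at a glance, so a why-comment above the `TwigFilter` line would help, e.g. `// Marked safe for HTML: the value has already been through the named HtmlSanitizerInterface, so autoescaping would turn the sanitized markup back into text.` The lookup `$this->sanitizers->get($sanitizer ?? $this->defaultSanitizer)` presumably lets the container's not-found exception propagate for an unknown name, which surfaces as a template runtime error; that seems acceptable, but a `@throws` line on `sanitize()` would document it.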
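--- a/src/Symfony/Bridge/Twig/Tests/Extension/HtmlSanitizerExtensionTest.php
+++ b/src/Symfony/Bridge/Twig/Tests/Extension/HtmlSanitizerExtensionTest.php
@@ -0,0 +1,52 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Bridge\Twig\Tests\Extension;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\Twig\Extension\HtmlSanitizerExtension;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
+use Twig\Environment;
+use Twig\Loader\ArrayLoader;
+
+class HtmlSanitizerExtensionTest extends TestCase
+{
+public function testSanitizeHtml()
+{
+$loader = new ArrayLoader([
+'foo' => '{{ "foobar"|sanitize_html }}',
+'bar' => '{{ "foobar"|sanitize_html("bar") }}',
+]);
+
+$twig = new Environment($loader, ['debug' => true, 'cache' => false, 'autoescape' => 'html', 'optimizations' => 0]);
+
+$fooSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+$fooSanitizer->expects($this->once())
+->method('sanitize')
+->with('foobar')
+->willReturn('foo');
+
+$barSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+$barSanitizer->expects($this->once())
+->method('sanitize')
+->with('foobar')
+->willReturn('bar');
+
+$twig->addExtension(new HtmlSanitizerExtension(new ServiceLocator([
+'foo' => fn () => $fooSanitizer,
+'bar' => fn () => $barSanitizer,
+]), 'foo'));
+
+$this->assertSame('foo', $twig->render('foo'));
+$this->assertSame('bar', $twig->render('bar'));
+}
+}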
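Review bot: The mocked sanitizers return `'foo'` and `'bar'`, strings with no HTML-significant characters, so even with `'autoescape' => 'html'` on the `Environment` this test cannot tell whether the filter's `is_safe` marking is in effect; it would still pass if the extension dropped that option. Returning markup from one mock, e.g. `->willReturn('<b>foo</b>')` and asserting `'<b>foo</b>'` on `$twig->render('foo')`, would pin that sanitized output is emitted unescaped rather than escaped back into text. A second template using an unregistered name such as `sanitize_html("nope")` with `expectException` would also document the failure mode for a misconfigured sanitizer name.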
3 changes: 1 addition & 2 deletions
3
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/html_sanitizer.yml