[TASK] Forward initiator to typo3/html-sanitizer

A new `SanitizerInitiator` is added and forwarded to
`typo3/html-sanitizer`. This allows getting a full stack-trace
when HTML nodes have been sanitized/modified and to debug the
actual cause (initiator) much better.

To receive corresponding initiator stack-traces

* logging for TYPO3.HtmlSanitizer namespace needs to be enabled
* TypoScript `config.debug = 1` must be set, or as a fall-back
  `$GLOBALS['TYPO3_CONF_VARS']['FE']['debug'] = true;` must be set
* HTML sanitizer must have found and modified invalid tags/attributes

Resolves: #94837
Releases: master, 11.3, 10.4, 9.5
Change-Id: I0239785d347d2c4ad6153ccb26130556399949d8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70509
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

typo3/sysext/core/Classes/Html/RteHtmlParser.php

@@ -871,6 +871,7 @@ protected function htmlSanitize(string $content, array $configuration): string
             $builder = $factory->build($build);
         }
         $sanitizer = $builder->build();
-        return $sanitizer->sanitize($content);
+        $initiator = GeneralUtility::makeInstance(SanitizerInitiator::class, get_class($this));
+        return $sanitizer->sanitize($content, $initiator);
     }
 }

typo3/sysext/core/Classes/Html/SanitizerInitiator.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the TYPO3 project.
+ *
+ * It is free software; you can redistribute it and/or modify it under the terms
+ * of the MIT License (MIT). For the full copyright and license information,
+ * please read the LICENSE file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+namespace TYPO3\CMS\Core\Html;
+
+use TYPO3\HtmlSanitizer\InitiatorInterface;
+
+/**
+ * Initiator for HTML sanitization process, forwarded to sanitizer and used during logging.
+ *
+ * @internal
+ */
+class SanitizerInitiator implements InitiatorInterface
+{
+    /**
+     * @var string
+     */
+    protected $trace;
+
+    public function __construct(string $trace)
+    {
+        $this->trace = $trace;
+    }
+
+    public function __toString(): string
+    {
+        return $this->trace;
+    }
+}

typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php

@@ -36,6 +36,7 @@
 use TYPO3\CMS\Core\Domain\Repository\PageRepository;
 use TYPO3\CMS\Core\Html\HtmlParser;
 use TYPO3\CMS\Core\Html\SanitizerBuilderFactory;
+use TYPO3\CMS\Core\Html\SanitizerInitiator;
 use TYPO3\CMS\Core\Imaging\ImageManipulation\Area;
 use TYPO3\CMS\Core\Imaging\ImageManipulation\CropVariantCollection;
 use TYPO3\CMS\Core\LinkHandling\Exception\UnknownLinkHandlerException;
@@ -2548,7 +2549,10 @@ public function stdWrap_htmlSanitize(string $content = '', array $conf = []): st
             $builder = $factory->build($build);
         }
         $sanitizer = $builder->build();
-        return $sanitizer->sanitize($content);
+        $initiator = $this->shallDebug()
+            ? GeneralUtility::makeInstance(SanitizerInitiator::class, DebugUtility::debugTrail())
+            : null;
+        return $sanitizer->sanitize($content, $initiator);
     }
 
     /**
@@ -6690,6 +6694,15 @@ protected function getContentLengthOfCurrentTag(string $theValue, int $pointer,
         return $endingOffset;
     }
 
+    protected function shallDebug(): bool
+    {
+        $tsfe = $this->getTypoScriptFrontendController();
+        if ($tsfe !== null && isset($tsfe->config['config']['debug'])) {
+            return (bool)($tsfe->config['config']['debug']);
+        }
+        return !empty($GLOBALS['TYPO3_CONF_VARS']['FE']['debug']);
+    }
+
     public function getRequest(): ServerRequestInterface
     {
         if ($this->request instanceof ServerRequestInterface) {