[FrameworkBundle] Allow default action in configuration #57653

Neirda24 · 2024-07-04T11:05:14Z

Q	A
Branch?	7.2
Bug fix?	no
New feature?	yes
Deprecations?	no
Issues	Follow-up of #57399 + Fix #48358
License	MIT

See symfony/symfony-docs#20019 for documentation.

…guration

xabbuh

We need to check if the HtmlSanitizer component is present in 7.2+ or issue a meaningful error otherwise.

Neirda24 · 2024-07-04T16:13:07Z

@xabbuh : done. However I don't know how to update the test in FrameworkExtensionTest to try with sanitizer <7.2 & >=7.2.

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

Neirda24 · 2024-07-05T16:07:54Z

I don't know where and how to fix those errors (related to xml structure). If anyone can point me in the right direction 🙏

xabbuh · 2024-07-06T04:58:11Z

@Neirda24 In the symfony-1.0.xsd file (located in src/Symfony/Bundle/FrameworkBundle/Resources/config/schema) add <xsd:attribute name="default-action" type="xsd:string" /> as a new entry after line 920.

nicolas-grekas · 2024-07-10T07:24:10Z

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -2382,6 +2383,10 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
                                ->fixXmlConfig('with_attribute_sanitizer')
                                ->fixXmlConfig('without_attribute_sanitizer')
                                ->children()
+                                    ->enumNode('default_action')
+                                        ->info('Defines how the sanitizer must behave by default.')
+                                        ->values(array_map(static fn (HtmlSanitizerAction $action): string => $action->value, HtmlSanitizerAction::cases()))


Suggested change

->values(array_map(static fn (HtmlSanitizerAction $action): string => $action->value, HtmlSanitizerAction::cases()))

->values(array_column(HtmlSanitizerAction::cases(), 'value'))

but this won't work if the component is not installed, isn't it?

Yes good point. Just came here to say #57686 might allow this to be cleaner, but indeed if the enum class is missing what do we do?

nicolas-grekas

we might not need to make the enum backed in the end, since we cannot use it to generate the XSD nor the config

nicolas-grekas · 2024-07-10T07:27:40Z

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -3006,6 +3007,17 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
            $def = $container->register($configId, HtmlSanitizerConfig::class);

            // Base
+            if ($sanitizerConfig['default_action'] ?? false) {
+                if (!class_exists(HtmlSanitizerAction::class)) {


this is dead code because of the way the config is done at the moment: if there is a value, it must be one of the allowed cases, which are derived from the enum

nicolas-grekas · 2024-07-10T07:28:07Z

src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd

@@ -918,6 +918,7 @@
        <xsd:attribute name="allow-relative-links" type="xsd:boolean" />
        <xsd:attribute name="allow-relative-medias" type="xsd:boolean" />
        <xsd:attribute name="max-input-length" type="xsd:positiveInteger" />
+        <xsd:attribute name="default-action" type="xsd:string" />


can't we restrict the possible values to the ones allowed by the enum?

feat(HtmlSanitizer::Config): allow default action from semantic confi…

71bc5d6

…guration

carsonbot added Status: Needs Review Feature labels Jul 4, 2024

carsonbot added this to the 7.2 milestone Jul 4, 2024

xabbuh added the FrameworkBundle label Jul 4, 2024

Neirda24 mentioned this pull request Jul 4, 2024

[HtmlSanitizer] Add docs for the new HtmlSanitizer defaultAction config symfony/symfony-docs#20019

Open

carsonbot changed the title ~~feat(HtmlSanitizer::Config): allow default action from semantic confi…~~ [FrameworkBundle] feat(HtmlSanitizer::Config): allow default action from semantic confi… Jul 4, 2024

xabbuh requested changes Jul 4, 2024

View reviewed changes

carsonbot added Status: Needs Work and removed Status: Needs Review labels Jul 4, 2024

OskarStark changed the title ~~[FrameworkBundle] feat(HtmlSanitizer::Config): allow default action from semantic confi…~~ [FrameworkBundle] feat(HtmlSanitizer::Config): allow default action from semantic configuration Jul 4, 2024

Neirda24 added 2 commits July 4, 2024 18:04

[UPDATE] Check for version installed of sanitizer

8b9f9f4

[FIX] Key might be missing

29f9749

xabbuh reviewed Jul 4, 2024

View reviewed changes

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php Outdated Show resolved Hide resolved

Neirda24 added 2 commits July 5, 2024 11:04

[UPDATE] Add some tests for default_action

d63e583

[UPDATE] Remove duplicate code test

4744fe2

Neirda24 changed the title ~~[FrameworkBundle] feat(HtmlSanitizer::Config): allow default action from semantic configuration~~ [FrameworkBundle][HtmlSanitizer] Allow default action in configuration Jul 9, 2024

[UPDATE] Fix xml config

6a05b1b

Neirda24 requested a review from xabbuh July 9, 2024 18:46

carsonbot added Status: Needs Review and removed Status: Needs Work labels Jul 9, 2024

carsonbot changed the title ~~[FrameworkBundle][HtmlSanitizer] Allow default action in configuration~~ [FrameworkBundle] Allow default action in configuration Jul 9, 2024

nicolas-grekas reviewed Jul 10, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FrameworkBundle] Allow default action in configuration #57653

[FrameworkBundle] Allow default action in configuration #57653

Neirda24 commented Jul 4, 2024 •

edited by OskarStark

Loading

xabbuh left a comment

Neirda24 commented Jul 4, 2024

Neirda24 commented Jul 5, 2024

xabbuh commented Jul 6, 2024

nicolas-grekas Jul 10, 2024

nicolas-grekas Jul 10, 2024 •

edited

Loading

Seldaek Jul 10, 2024

nicolas-grekas left a comment

nicolas-grekas Jul 10, 2024

nicolas-grekas Jul 10, 2024

	->values(array_map(static fn (HtmlSanitizerAction $action): string => $action->value, HtmlSanitizerAction::cases()))
	->values(array_column(HtmlSanitizerAction::cases(), 'value'))

[FrameworkBundle] Allow default action in configuration #57653

Are you sure you want to change the base?

[FrameworkBundle] Allow default action in configuration #57653

Conversation

Neirda24 commented Jul 4, 2024 • edited by OskarStark Loading

xabbuh left a comment

Choose a reason for hiding this comment

Neirda24 commented Jul 4, 2024

Neirda24 commented Jul 5, 2024

xabbuh commented Jul 6, 2024

nicolas-grekas Jul 10, 2024

Choose a reason for hiding this comment

nicolas-grekas Jul 10, 2024 • edited Loading

Choose a reason for hiding this comment

Seldaek Jul 10, 2024

Choose a reason for hiding this comment

nicolas-grekas left a comment

Choose a reason for hiding this comment

nicolas-grekas Jul 10, 2024

Choose a reason for hiding this comment

nicolas-grekas Jul 10, 2024

Choose a reason for hiding this comment

Neirda24 commented Jul 4, 2024 •

edited by OskarStark

Loading

nicolas-grekas Jul 10, 2024 •

edited

Loading