Commit d59a50f

feature #943 Migrate from HTMLPurifier to html-sanitizer (tgalopin)
This PR was merged into the master branch.

Discussion
----------

Migrate from HTMLPurifier to html-sanitizer

I would like to propose the usage of html-sanitizer in replacement of HTMLPurifier. html-sanitizer is well integrated in modern Symfony applications (autowiring / autoconfiguration), it is better suited than HTMLPurifier to sanitize user inputs such as Markdown, it is faster and it creates HTML that's simpler and easier to understand. It is also IMO easier to extend and configure.

Commits
-------

13c5b03 Migrate from HTMLPurifier to html-sanitizer

2 parents 0a99a78 + 13c5b03 commit d59a50f

6 files changed: +255 -53 lines changed
composer.json

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -10,7 +10,6 @@
1010
"doctrine/doctrine-migrations-bundle": "^1.3",
1111
"doctrine/orm": "^2.5.11",
1212
"erusev/parsedown": "^1.6",
13-
"ezyang/htmlpurifier": "^4.9",
1413
"sensio/framework-extra-bundle": "^5.1",
1514
"sensiolabs/security-checker": "^5.0",
1615
"symfony/asset": "*",
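Review bot: removing "ezyang/htmlpurifier" at old line 13 means any remaining HTMLPurifier reference (a service definition, a `use` statement, a Twig filter) will fail at runtime rather than at install time. The files rendered on this page do not show the call site being switched to the new sanitizer, so confirm the remaining changed files cover it and that a test renders user-supplied Markdown through the new sanitizer end to end.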
@@ -29,6 +28,7 @@
2928
"symfony/validator": "*",
3029
"symfony/webpack-encore-bundle": "^1.1",
3130
"symfony/yaml": "*",
31+
"tgalopin/html-sanitizer-bundle": "^1.1",
3232
"twig/extensions": "^1.5",
3333
"twig/twig": "^2.6",
3434
"white-october/pagerfanta-bundle": "^1.1"
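Review bot: the "^1.1" constraint on "tgalopin/html-sanitizer-bundle" at new line 31 accepts every later 1.x release, and a change in a sanitizer's allow-list behaviour is security-relevant for user-supplied HTML. Rely on the committed composer.lock for the exact version, and treat upgrades of this package as a reviewed change with a regression test on sanitized output rather than letting them arrive through a general `composer update`.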

composer.lock

Lines changed: 214 additions & 41 deletions
Some generated files are not rendered by default.

config/bundles.php

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -17,4 +17,5 @@
1717
Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
1818
Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
1919
Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
20+
HtmlSanitizer\Bundle\HtmlSanitizerBundle::class => ['all' => true],
2021
];

config/packages/html_sanitizer.yaml

Lines changed: 15 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,15 @@
1+
html_sanitizer:
2+
default_sanitizer: 'default'
3+
sanitizers:
4+
default:
5+
# Read https://github.com/tgalopin/html-sanitizer/blob/master/docs/1-getting-started.md#extensions
6+
# to learn more about which extensions you would like to enable.
7+
extensions:
8+
- 'basic'
9+
- 'list'
10+
- 'table'
11+
- 'image'
12+
- 'code'
13+
14+
# Read https://github.com/tgalopin/html-sanitizer/blob/master/docs/3-configuration-reference.md
15+
# to discover all the available options for each extension.
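Review bot: the extensions list at lines 7-12 enables 'basic' and 'image' for user-supplied content without setting any per-extension option, so the sanitizer runs entirely on the library's defaults, and the comment at lines 14-15 only points to the configuration reference. Decide explicitly whether images (and any links the 'basic' extension permits) should be restricted to known hosts or forced to HTTPS, and record that decision in this file, either as configured options or as a comment stating that the defaults were reviewed and accepted. Also confirm that each enabled extension is actually needed for the Markdown output being sanitized; 'table' and 'image' widen the allowed markup and should be dropped if the application does not render them.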
