bug #48602 [HtmlSanitizer] Fix HtmlSanitizer default configuration behavior for allowed schemes (Titouan Galopin)

nicolas-grekas · nicolas-grekas · commit a64bda260050 · 2022-12-14T11:28:56.000+01:00
This PR was merged into the 6.1 branch. Discussion ---------- [HtmlSanitizer] Fix HtmlSanitizer default configuration behavior for allowed schemes | Q | A | ------------- | --- | Branch? | 6.1 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix symfony/symfony#48556 | License | MIT | Doc PR | - This issue happened not in the component but in the default configuration behavior (array was passed instead of null). Commits ------- 93e5160ec0 Fix HtmlSanitizer default configuration behavior for allowed schemes
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -2738,10 +2738,14 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
 
             // Settings
             $def->addMethodCall('forceHttpsUrls', [$sanitizerConfig['force_https_urls']], true);
-            $def->addMethodCall('allowLinkSchemes', [$sanitizerConfig['allowed_link_schemes']], true);
+            if ($sanitizerConfig['allowed_link_schemes']) {
+                $def->addMethodCall('allowLinkSchemes', [$sanitizerConfig['allowed_link_schemes']], true);
+            }
             $def->addMethodCall('allowLinkHosts', [$sanitizerConfig['allowed_link_hosts']], true);
             $def->addMethodCall('allowRelativeLinks', [$sanitizerConfig['allow_relative_links']], true);
-            $def->addMethodCall('allowMediaSchemes', [$sanitizerConfig['allowed_media_schemes']], true);
+            if ($sanitizerConfig['allowed_media_schemes']) {
+                $def->addMethodCall('allowMediaSchemes', [$sanitizerConfig['allowed_media_schemes']], true);
+            }
             $def->addMethodCall('allowMediaHosts', [$sanitizerConfig['allowed_media_hosts']], true);
             $def->addMethodCall('allowRelativeMedias', [$sanitizerConfig['allow_relative_medias']], true);
 
diff --git a/Tests/DependencyInjection/FrameworkExtensionTest.php b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -2140,7 +2140,9 @@ public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()
 
         $calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();
         $this->assertContains(['allowLinkHosts', [null], true], $calls);
+        $this->assertContains(['allowRelativeLinks', [false], true], $calls);
         $this->assertContains(['allowMediaHosts', [null], true], $calls);
+        $this->assertContains(['allowRelativeMedias', [false], true], $calls);
     }
 
     public function testHtmlSanitizerDefaultConfig()

Original file line number	Diff line number	Diff line change
`@@ -2140,7 +2140,9 @@ public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()`
`2140`	`2140`
`2141`	`2141`	`$calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();`
`2142`	`2142`	`$this->assertContains(['allowLinkHosts', [null], true], $calls);`
	`2143`	`+ $this->assertContains(['allowRelativeLinks', [false], true], $calls);`
`2143`	`2144`	`$this->assertContains(['allowMediaHosts', [null], true], $calls);`
	`2145`	`+ $this->assertContains(['allowRelativeMedias', [false], true], $calls);`
`2144`	`2146`	`}`
`2145`	`2147`
`2146`	`2148`	`public function testHtmlSanitizerDefaultConfig()`