Fix HtmlSanitizer default configuration behavior for allowed schemes

tgalopin · nicolas-grekas · commit bc60544403bd · 2022-12-14T11:28:02.000+01:00
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -2738,10 +2738,14 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
 
             // Settings
             $def->addMethodCall('forceHttpsUrls', [$sanitizerConfig['force_https_urls']], true);
-            $def->addMethodCall('allowLinkSchemes', [$sanitizerConfig['allowed_link_schemes']], true);
+            if ($sanitizerConfig['allowed_link_schemes']) {
+                $def->addMethodCall('allowLinkSchemes', [$sanitizerConfig['allowed_link_schemes']], true);
+            }
             $def->addMethodCall('allowLinkHosts', [$sanitizerConfig['allowed_link_hosts']], true);
             $def->addMethodCall('allowRelativeLinks', [$sanitizerConfig['allow_relative_links']], true);
-            $def->addMethodCall('allowMediaSchemes', [$sanitizerConfig['allowed_media_schemes']], true);
+            if ($sanitizerConfig['allowed_media_schemes']) {
+                $def->addMethodCall('allowMediaSchemes', [$sanitizerConfig['allowed_media_schemes']], true);
+            }
             $def->addMethodCall('allowMediaHosts', [$sanitizerConfig['allowed_media_hosts']], true);
             $def->addMethodCall('allowRelativeMedias', [$sanitizerConfig['allow_relative_medias']], true);
 
diff --git a/Tests/DependencyInjection/FrameworkExtensionTest.php b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -2140,7 +2140,9 @@ public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()
 
         $calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();
         $this->assertContains(['allowLinkHosts', [null], true], $calls);
+        $this->assertContains(['allowRelativeLinks', [false], true], $calls);
         $this->assertContains(['allowMediaHosts', [null], true], $calls);
+        $this->assertContains(['allowRelativeMedias', [false], true], $calls);
     }
 
     public function testHtmlSanitizerDefaultConfig()

Original file line number	Diff line number	Diff line change
`@@ -2140,7 +2140,9 @@ public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()`
`2140`	`2140`
`2141`	`2141`	`$calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();`
`2142`	`2142`	`$this->assertContains(['allowLinkHosts', [null], true], $calls);`
	`2143`	`+ $this->assertContains(['allowRelativeLinks', [false], true], $calls);`
`2143`	`2144`	`$this->assertContains(['allowMediaHosts', [null], true], $calls);`
	`2145`	`+ $this->assertContains(['allowRelativeMedias', [false], true], $calls);`
`2144`	`2146`	`}`
`2145`	`2147`
`2146`	`2148`	`public function testHtmlSanitizerDefaultConfig()`