Closed
Description
Hey, we just implemented the new HTML Sanitizer feature for the first time and stumbled upon some non-working examples in the documentation:
https://symfony.com/doc/current/html_sanitizer.html#drop-attributes
The PHP-config examples state for some settings that a fluent interface is used, whereas the "Standalone Use" example shows the actual variants with two parameters. For example, the allowAttribute settings:
// that does not work:
// config/packages/framework.php
use Symfony\Config\FrameworkConfig;

return static function (FrameworkConfig $framework) {
    $framework->htmlSanitizer()
        ->sanitizer('app.post_sanitizer')
            // allow "src" on <iframe> elements
            ->allowAttribute('src')
                ->element('iframe')

            // allow "data-attr" on all elements currently allowed
            ->allowAttribute('data-attr')
                ->element('*')
    ;
};
// that does work, like it is shown in the "Standalone Use" example:
// config/packages/framework.php
use Symfony\Config\FrameworkConfig;

return static function (FrameworkConfig $framework) {
    $framework->htmlSanitizer()
        ->sanitizer('app.post_sanitizer')
            // allow "src" on <iframe> elements
            ->allowAttribute('src', ['iframe'])

            // allow "data-attr" on all elements currently allowed
            ->allowAttribute('data-attr', '*')
    ;
};
Maybe that fluent interface came from a previous state and was removed later.