From b4acb942e0fb7fa3308ee6ae85a352b9dee2d524 Mon Sep 17 00:00:00 2001
From: "t.le-gacque" <t.le-gacque@groupeonepoint.com>
Date: Thu, 30 Mar 2023 18:20:44 +0200
Subject: [PATCH 1/4] Update HTML Sanitizer doc for `max_input_length` option

---
 html_sanitizer.rst | 69 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/html_sanitizer.rst b/html_sanitizer.rst
index a75b0a02562..423165f9549 100644
--- a/html_sanitizer.rst
+++ b/html_sanitizer.rst
@@ -931,6 +931,75 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
                 ->allowRelativeMedias()
         );
 
+Configure max input length
+~~~~~~~~~~~~~~~~~~~~~
+
+Using this option, you can change the default max input length of ``20000`` characters.
+Any input longer than this value will be truncated.
+
+.. configuration-block::
+
+    .. code-block:: yaml
+
+        # config/packages/html_sanitizer.yaml
+        framework:
+            html_sanitizer:
+                sanitizers:
+                    app.post_sanitizer:
+                        # ...
+
+                        # specifies the max input length. Inputs longer than this value will be
+                        # truncated (default: 20000)
+                        max_input_length: 20000
+
+    .. code-block:: xml
+
+        <!-- config/packages/html_sanitizer.xml -->
+        <?xml version="1.0" encoding="UTF-8" ?>
+        <container xmlns="http://symfony.com/schema/dic/services"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:framework="http://symfony.com/schema/dic/symfony"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services
+                https://symfony.com/schema/dic/services/services-1.0.xsd
+                http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
+
+            <framework:config>
+                <framework:html-sanitizer>
+                    <framework:sanitizer name="app.post_sanitizer">
+                        <!-- specifies the max input length. Inputs longer than this value will be
+                            truncated (default: 20000) -->
+                        <framework:max-input-length>20000</framework:max-input-length>
+                    </framework:sanitizer>
+                </framework:html-sanitizer>
+            </framework:config>
+        </container>
+
+    .. code-block:: php
+
+        // config/packages/framework.php
+        use Symfony\Config\FrameworkConfig;
+
+        return static function (FrameworkConfig $framework) {
+            $framework->htmlSanitizer()
+                ->sanitizer('app.post_sanitizer')
+                    // specifies the max input length. Inputs longer than this value will be
+                    // truncated (default: 20000)
+                    ->withMaxInputLength(20000)
+            ;
+        };
+
+    .. code-block:: php-standalone
+
+        use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
+        use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
+
+        $postSanitizer = new HtmlSanitizer(
+            (new HtmlSanitizerConfig())
+                // specifies the max input length. Inputs longer than this value will be
+                // truncated (default: 20000)
+                ->withMaxInputLength(20000)
+        );
+
 Custom Attribute Sanitizers
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From 211458b47094af72e6c76115e3440e8d7c3dc112 Mon Sep 17 00:00:00 2001
From: "t.le-gacque" <t.le-gacque@groupeonepoint.com>
Date: Thu, 30 Mar 2023 18:23:22 +0200
Subject: [PATCH 2/4] Update HTML Sanitizer doc for `max_input_length` option

---
 html_sanitizer.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html_sanitizer.rst b/html_sanitizer.rst
index 423165f9549..be8679c68e8 100644
--- a/html_sanitizer.rst
+++ b/html_sanitizer.rst
@@ -932,7 +932,7 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
         );
 
 Configure max input length
-~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Using this option, you can change the default max input length of ``20000`` characters.
 Any input longer than this value will be truncated.

From 4d319579697624a559ecccd53f211645bac8d65c Mon Sep 17 00:00:00 2001
From: "t.le-gacque" <t.le-gacque@groupeonepoint.com>
Date: Fri, 31 Mar 2023 11:18:32 +0200
Subject: [PATCH 3/4] Update HTML Sanitizer doc for `max_input_length` option

---
 html_sanitizer.rst | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/html_sanitizer.rst b/html_sanitizer.rst
index be8679c68e8..75cf4bb7936 100644
--- a/html_sanitizer.rst
+++ b/html_sanitizer.rst
@@ -931,11 +931,12 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
                 ->allowRelativeMedias()
         );
 
-Configure max input length
+Configure Max input length
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Using this option, you can change the default max input length of ``20000`` characters.
-Any input longer than this value will be truncated.
+To prevent DoS attacks, the HTML sanitizer limits the input length to ``20000`` by default.
+Using this option, you can change the max input length.
+Inputs longer than this value will be truncated.
 
 .. configuration-block::
 

From dcf5f9c3626dddc82f8ae6bfe44607e82f00eba5 Mon Sep 17 00:00:00 2001
From: Tristan <tristanlegacque@orange.fr>
Date: Fri, 31 Mar 2023 17:32:57 +0200
Subject: [PATCH 4/4] Apply suggestions from code review

Co-authored-by: Oskar Stark <oskarstark@googlemail.com>
---
 html_sanitizer.rst | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/html_sanitizer.rst b/html_sanitizer.rst
index 75cf4bb7936..aa30a01835c 100644
--- a/html_sanitizer.rst
+++ b/html_sanitizer.rst
@@ -931,12 +931,11 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
                 ->allowRelativeMedias()
         );
 
-Configure Max input length
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+Max Input Length
+~~~~~~~~~~~~~~~~
 
 To prevent DoS attacks, the HTML sanitizer limits the input length to ``20000`` by default.
-Using this option, you can change the max input length.
-Inputs longer than this value will be truncated.
+Using this option, you can change the max input length, Inputs longer than this value will be truncated.
 
 .. configuration-block::
 
@@ -950,8 +949,7 @@ Inputs longer than this value will be truncated.
                         # ...
 
                         # specifies the max input length. Inputs longer than this value will be
-                        # truncated (default: 20000)
-                        max_input_length: 20000
+                        max_input_length: 30000 # default: 20000
 
     .. code-block:: xml