We currently maintain a HTMLEditorSanitiser which is mostly responsible for two things:
Ensuring only the markup allowed by the HTMLEditorConfig is included in the output
Ensuring the output doesn't include XSS or other vulnerability attacks that can be included in HTML markup
Symfony have a symfony/html-sanitizer component that can do the same job, with the benefit that we don't have to maintain our own sanitizer and try to keep it up to date with all possible attack vectors.
See the docs for that component for more details about its usage.
Acceptance Criteria
HTMLEditorSanitiser with Symfony's HtmlSanitizer
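The two responsibilities described in the issue (emit only allowlisted markup, and strip script-bearing markup), shown with symfony/html-sanitizer as an added example that is not part of the original issue or of either project's code. The `$allowed` array is a hypothetical stand-in for whatever an HTMLEditorConfig would supply, and the input is constructed sample markup.

```php
<?php
// Added example. Requires: composer require symfony/html-sanitizer
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;

// Hypothetical allowlist (element => permitted attributes), standing in for
// the rules an editor configuration would provide.
$allowed = [
    'p'      => ['class'],
    'strong' => [],
    'em'     => [],
    'a'      => ['href', 'title'],
    'img'    => ['src', 'alt'],
];

// HtmlSanitizerConfig is immutable: each call returns a modified copy.
$config = new HtmlSanitizerConfig();
foreach ($allowed as $element => $attributes) {
    $config = $config->allowElement($element, $attributes);
}

$config = $config
    ->allowLinkSchemes(['http', 'https', 'mailto']) // other href schemes are rejected
    ->allowMediaSchemes(['https'])                  // applies to src on media elements
    ->allowRelativeLinks()
    ->forceAttribute('a', 'rel', 'noopener noreferrer');

$sanitizer = new HtmlSanitizer($config);

// Constructed sample input mixing allowed markup with markup that is not on
// the allowlist (event-handler attributes, script, iframe, a script-scheme link).
$dirty = <<<'HTML'
<p class="intro" onclick="alert(1)">Hello <strong>world</strong></p>
<script>alert(1)</script>
<a href="javascript:alert(1)" title="x">link</a>
<img src="https://example.com/a.png" alt="a" onerror="alert(1)">
<iframe src="https://example.com"></iframe>
HTML;

// Elements and attributes that were never allowed are not emitted.
echo $sanitizer->sanitize($dirty), PHP_EOL;
```

Because the configuration starts empty rather than from `allowSafeElements()`, anything the allowlist does not name is dropped by default, which matches the first responsibility listed above.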