[FrameworkBundle][TwigBundle][Form] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer

nicolas-grekas · nicolas-grekas · commit c6d7ce99f74f · 2022-05-13T18:41:52.000+02:00
diff --git a/DependencyInjection/Compiler/UnusedTagsPass.php b/DependencyInjection/Compiler/UnusedTagsPass.php
@@ -49,6 +49,7 @@ class UnusedTagsPass implements CompilerPassInterface
         'form.type',
         'form.type_extension',
         'form.type_guesser',
+        'html_sanitizer',
         'http_client.client',
         'kernel.cache_clearer',
         'kernel.cache_warmer',
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -2129,10 +2129,6 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
                     ->{$enableIfStandalone('symfony/html-sanitizer', HtmlSanitizerInterface::class)}()
                     ->fixXmlConfig('sanitizer')
                     ->children()
-                        ->scalarNode('default')
-                            ->defaultNull()
-                            ->info('Default sanitizer to use when injecting without named binding.')
-                        ->end()
                         ->arrayNode('sanitizers')
                             ->useAttributeAsKey('name')
                             ->arrayPrototype()
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -69,6 +69,7 @@
 use Symfony\Component\ExpressionLanguage\ExpressionLanguage;
 use Symfony\Component\Finder\Finder;
 use Symfony\Component\Form\ChoiceList\Factory\CachingFactoryDecorator;
+use Symfony\Component\Form\Extension\HtmlSanitizer\Type\TextTypeHtmlSanitizerExtension;
 use Symfony\Component\Form\Form;
 use Symfony\Component\Form\FormTypeExtensionInterface;
 use Symfony\Component\Form\FormTypeGuesserInterface;
@@ -485,6 +486,9 @@ public function load(array $configs, ContainerBuilder $container)
                 $container->removeDefinition('form.type_extension.form.validator');
                 $container->removeDefinition('form.type_guesser.validator');
             }
+            if (!$this->isConfigEnabled($container, $config['html_sanitizer']) || !class_exists(TextTypeHtmlSanitizerExtension::class)) {
+                $container->removeDefinition('form.type_extension.form.html_sanitizer');
+            }
         } else {
             $container->removeDefinition('console.command.form_debug');
         }
@@ -2740,13 +2744,14 @@ private function registerHtmlSanitizerConfiguration(array $config, ContainerBuil
 
             // Create the sanitizer and link its config
             $sanitizerId = 'html_sanitizer.sanitizer.'.$sanitizerName;
-            $container->register($sanitizerId, HtmlSanitizer::class)->addArgument(new Reference($configId));
+            $container->register($sanitizerId, HtmlSanitizer::class)
+                ->addTag('html_sanitizer', ['sanitizer' => $sanitizerName])
+                ->addArgument(new Reference($configId));
 
-            $container->registerAliasForArgument($sanitizerId, HtmlSanitizerInterface::class, $sanitizerName);
+            if ('default' !== $sanitizerName) {
+                $container->registerAliasForArgument($sanitizerId, HtmlSanitizerInterface::class, $sanitizerName);
+            }
         }
-
-        $default = $config['default'] ? 'html_sanitizer.sanitizer.'.$config['default'] : 'html_sanitizer';
-        $container->setAlias(HtmlSanitizerInterface::class, new Reference($default));
     }
 
     private function resolveTrustedHeaders(array $headers): int
diff --git a/Resources/config/form.php b/Resources/config/form.php
@@ -19,8 +19,10 @@
 use Symfony\Component\Form\Extension\Core\Type\FileType;
 use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\Extension\Core\Type\TransformationFailureExtension;
 use Symfony\Component\Form\Extension\DependencyInjection\DependencyInjectionExtension;
+use Symfony\Component\Form\Extension\HtmlSanitizer\Type\TextTypeHtmlSanitizerExtension;
 use Symfony\Component\Form\Extension\HttpFoundation\HttpFoundationRequestHandler;
 use Symfony\Component\Form\Extension\HttpFoundation\Type\FormTypeHttpFoundationExtension;
 use Symfony\Component\Form\Extension\Validator\Type\FormTypeValidatorExtension;
@@ -113,6 +115,10 @@
             ->args([service('translator')->ignoreOnInvalid()])
             ->tag('form.type_extension', ['extended-type' => FormType::class])
 
+        ->set('form.type_extension.form.html_sanitizer', TextTypeHtmlSanitizerExtension::class)
+            ->args([tagged_locator('html_sanitizer', 'sanitizer')])
+            ->tag('form.type_extension', ['extended-type' => TextType::class])
+
         ->set('form.type_extension.form.http_foundation', FormTypeHttpFoundationExtension::class)
             ->args([service('form.type_extension.form.request_handler')])
             ->tag('form.type_extension')
diff --git a/Resources/config/html_sanitizer.php b/Resources/config/html_sanitizer.php
@@ -13,13 +13,18 @@
 
 use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
 use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
-        ->set('html_sanitizer.config', HtmlSanitizerConfig::class)
+        ->set('html_sanitizer.config.default', HtmlSanitizerConfig::class)
             ->call('allowSafeElements')
 
-        ->set('html_sanitizer', HtmlSanitizer::class)
+        ->set('html_sanitizer.sanitizer.default', HtmlSanitizer::class)
             ->args([service('html_sanitizer.config')])
+            ->tag('html_sanitizer', ['name' => 'default'])
+
+        ->alias('html_sanitizer', 'html_sanitizer.sanitizer.default')
+        ->alias(HtmlSanitizerInterface::class, 'html_sanitizer')
     ;
 };
diff --git a/Resources/config/schema/symfony-1.0.xsd b/Resources/config/schema/symfony-1.0.xsd
@@ -826,7 +826,6 @@
             <xsd:element name="sanitizer" type="sanitizer" minOccurs="0" maxOccurs="unbounded" />
         </xsd:sequence>
         <xsd:attribute name="enabled" type="xsd:boolean" />
-        <xsd:attribute name="default" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="sanitizer">
diff --git a/Tests/DependencyInjection/ConfigurationTest.php b/Tests/DependencyInjection/ConfigurationTest.php
@@ -652,7 +652,6 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
             ],
             'html_sanitizer' => [
                 'enabled' => !class_exists(FullStack::class) && class_exists(HtmlSanitizer::class),
-                'default' => null,
                 'sanitizers' => [],
             ],
             'exceptions' => [],
diff --git a/Tests/DependencyInjection/Fixtures/php/html_sanitizer.php b/Tests/DependencyInjection/Fixtures/php/html_sanitizer.php
@@ -3,9 +3,8 @@
 $container->loadFromExtension('framework', [
     'http_method_override' => false,
     'html_sanitizer' => [
-        'default' => 'my.sanitizer',
         'sanitizers' => [
-            'my.sanitizer' => [
+            'default' => [
                 'allow_safe_elements' => true,
                 'allow_all_static_elements' => true,
                 'allow_elements' => [
diff --git a/Tests/DependencyInjection/Fixtures/xml/html_sanitizer.xml b/Tests/DependencyInjection/Fixtures/xml/html_sanitizer.xml
@@ -6,8 +6,8 @@
                         http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <config xmlns="http://symfony.com/schema/dic/symfony" http-method-override="false">
-        <html-sanitizer default="my.sanitizer">
-            <sanitizer name="my.sanitizer"
+        <html-sanitizer>
+            <sanitizer name="default"
                 allow-safe-elements="true"
                 allow-all-static-elements="true"
                 force-https-urls="true"
diff --git a/Tests/DependencyInjection/Fixtures/yml/html_sanitizer.yml b/Tests/DependencyInjection/Fixtures/yml/html_sanitizer.yml
@@ -1,9 +1,8 @@
 framework:
     http_method_override: false
     html_sanitizer:
-        default: my.sanitizer
         sanitizers:
-            my.sanitizer:
+            default:
                 allow_safe_elements: true
                 allow_all_static_elements: true
                 allow_elements:
diff --git a/Tests/DependencyInjection/FrameworkExtensionTest.php b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -2030,27 +2030,16 @@ public function testHtmlSanitizer()
         $container = $this->createContainerFromFile('html_sanitizer');
 
         // html_sanitizer service
-        $this->assertTrue($container->hasDefinition('html_sanitizer'), '->registerHtmlSanitizerConfiguration() loads html_sanitizer.php');
-        $this->assertSame(HtmlSanitizer::class, $container->getDefinition('html_sanitizer')->getClass());
-        $this->assertCount(1, $args = $container->getDefinition('html_sanitizer')->getArguments());
-        $this->assertSame('html_sanitizer.config', (string) $args[0]);
-
-        // html_sanitizer.config service
-        $this->assertTrue($container->hasDefinition('html_sanitizer.config'), '->registerHtmlSanitizerConfiguration() loads html_sanitizer.php');
-        $this->assertSame(HtmlSanitizerConfig::class, $container->getDefinition('html_sanitizer.config')->getClass());
-        $this->assertCount(1, $calls = $container->getDefinition('html_sanitizer.config')->getMethodCalls());
-        $this->assertSame(['allowSafeElements', []], $calls[0]);
-
-        // my.sanitizer
-        $this->assertTrue($container->hasDefinition('html_sanitizer.sanitizer.my.sanitizer'), '->registerHtmlSanitizerConfiguration() loads custom sanitizer');
-        $this->assertSame(HtmlSanitizer::class, $container->getDefinition('html_sanitizer.sanitizer.my.sanitizer')->getClass());
-        $this->assertCount(1, $args = $container->getDefinition('html_sanitizer.sanitizer.my.sanitizer')->getArguments());
-        $this->assertSame('html_sanitizer.config.my.sanitizer', (string) $args[0]);
-
-        // my.sanitizer config
-        $this->assertTrue($container->hasDefinition('html_sanitizer.config.my.sanitizer'), '->registerHtmlSanitizerConfiguration() loads custom sanitizer');
-        $this->assertSame(HtmlSanitizerConfig::class, $container->getDefinition('html_sanitizer.config.my.sanitizer')->getClass());
-        $this->assertCount(23, $calls = $container->getDefinition('html_sanitizer.config.my.sanitizer')->getMethodCalls());
+        $this->assertTrue($container->hasAlias('html_sanitizer'), '->registerHtmlSanitizerConfiguration() loads html_sanitizer.php');
+        $this->assertSame('html_sanitizer.sanitizer.default', (string) $container->getAlias('html_sanitizer'));
+        $this->assertSame(HtmlSanitizer::class, $container->getDefinition('html_sanitizer.sanitizer.default')->getClass());
+        $this->assertCount(1, $args = $container->getDefinition('html_sanitizer.sanitizer.default')->getArguments());
+        $this->assertSame('html_sanitizer.config.default', (string) $args[0]);
+
+        // config
+        $this->assertTrue($container->hasDefinition('html_sanitizer.config.default'), '->registerHtmlSanitizerConfiguration() loads custom sanitizer');
+        $this->assertSame(HtmlSanitizerConfig::class, $container->getDefinition('html_sanitizer.config.default')->getClass());
+        $this->assertCount(23, $calls = $container->getDefinition('html_sanitizer.config.default')->getMethodCalls());
         $this->assertSame(
             [
                 ['allowSafeElements', [], true],
@@ -2092,11 +2081,11 @@ static function ($call) {
         );
 
         // Named alias
-        $this->assertSame('html_sanitizer.sanitizer.my.sanitizer', (string) $container->getAlias(HtmlSanitizerInterface::class.' $mySanitizer'), '->registerHtmlSanitizerConfiguration() creates appropriate named alias');
-        $this->assertSame('html_sanitizer.sanitizer.all.sanitizer', (string) $container->getAlias(HtmlSanitizerInterface::class.' $allSanitizer'), '->registerHtmlSanitizerConfiguration() creates appropriate named alias');
+        $this->assertSame('html_sanitizer.sanitizer.all.sanitizer', (string) $container->getAlias(HtmlSanitizerInterface::class.' $allSanitizer'));
+        $this->assertFalse($container->hasAlias(HtmlSanitizerInterface::class.' $default'));
 
         // Default alias
-        $this->assertSame('html_sanitizer.sanitizer.my.sanitizer', (string) $container->getAlias(HtmlSanitizerInterface::class), '->registerHtmlSanitizerConfiguration() creates appropriate default alias');
+        $this->assertSame('html_sanitizer', (string) $container->getAlias(HtmlSanitizerInterface::class));
     }
 
     protected function createContainer(array $data = [])
