groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-06-17 08:01:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use HTML sanatizer to harden HTML rendering on log_details page

Browse source 
Should be more safe than use |raw directly and for these smalls things performance hit is zero.
This commit is contained in:
Jan Böhmer 2026-06-10 23:43:07 +02:00
parent b357ee196c
commit 8421636b1c
4 changed files with 80 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/reference.php
View file

@ -653,7 +653,7 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
* time_based_uuid_node?: scalar|Param|null,
* },
* html_sanitizer?: bool|array{ // HtmlSanitizer configuration
* enabled?: bool|Param, // Default: false
* enabled?: bool|Param, // Default: true
* sanitizers?: array<string, array{ // Default: []
* allow_safe_elements?: bool|Param, // Allows "safe" elements and attributes. // Default: false
* allow_static_elements?: bool|Param, // Allows all static elements and attributes from the W3C Sanitizer API standard. // Default: false