[FrameworkBundle][TwigBundle][Form] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer

Author: nicolas-grekas

Extension/HtmlSanitizer/HtmlSanitizerExtension.php

@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\HtmlSanitizer;
+
+use Psr\Container\ContainerInterface;
+use Symfony\Component\Form\AbstractExtension;
+
+/**
+ * Integrates the HtmlSanitizer component with the Form library.
+ *
+ * @author Nicolas Grekas <[email protected]>
+ */
+class HtmlSanitizerExtension extends AbstractExtension
+{
+    public function __construct(
+        private ContainerInterface $sanitizers,
+        private string $defaultSanitizer = 'default',
+    ) {
+    }
+
+    protected function loadTypeExtensions(): array
+    {
+        return [
+            new Type\TextTypeHtmlSanitizerExtension($this->sanitizers, $this->defaultSanitizer),
+        ];
+    }
+}

Extension/HtmlSanitizer/Type/TextTypeHtmlSanitizerExtension.php

@@ -0,0 +1,66 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\HtmlSanitizer\Type;
+
+use Psr\Container\ContainerInterface;
+use Symfony\Component\Form\AbstractTypeExtension;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\FormEvents;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+/**
+ * @author Titouan Galopin <[email protected]>
+ */
+class TextTypeHtmlSanitizerExtension extends AbstractTypeExtension
+{
+    public function __construct(
+        private ContainerInterface $sanitizers,
+        private string $defaultSanitizer = 'default',
+    ) {
+    }
+
+    public static function getExtendedTypes(): iterable
+    {
+        return [TextType::class];
+    }
+
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver
+            ->setDefaults(['sanitize_html' => false, 'sanitizer' => null])
+            ->setAllowedTypes('sanitize_html', 'bool')
+            ->setAllowedTypes('sanitizer', ['string', 'null'])
+        ;
+    }
+
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        if (!$options['sanitize_html']) {
+            return;
+        }
+
+        $sanitizers = $this->sanitizers;
+        $sanitizer = $options['sanitizer'] ?? $this->defaultSanitizer;
+
+        $builder->addEventListener(
+            FormEvents::PRE_SUBMIT,
+            static function (FormEvent $event) use ($sanitizers, $sanitizer) {
+                if (is_scalar($data = $event->getData()) && '' !== trim($data)) {
+                    $event->setData($sanitizers->get($sanitizer)->sanitize($data));
+                }
+            },
+            10000 /* as soon as possible */
+        );
+    }
+}

Tests/Extension/HtmlSanitizer/Type/TextTypeHtmlSanitizerExtensionTest.php

@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Tests\Extension\Csrf\Type;
+
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\Form\Extension\Core\Type\FormType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\Extension\HtmlSanitizer\HtmlSanitizerExtension;
+use Symfony\Component\Form\Test\TypeTestCase;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
+
+class TextTypeHtmlSanitizerExtensionTest extends TypeTestCase
+{
+    protected function getExtensions()
+    {
+        $fooSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+        $fooSanitizer->expects($this->once())
+            ->method('sanitize')
+            ->with('foobar')
+            ->willReturn('foo');
+
+        $barSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+        $barSanitizer->expects($this->once())
+            ->method('sanitize')
+            ->with('foobar')
+            ->willReturn('bar');
+
+        return array_merge(parent::getExtensions(), [
+            new HtmlSanitizerExtension(new ServiceLocator([
+                'foo' => fn () => $fooSanitizer,
+                'bar' => fn () => $barSanitizer,
+            ]), 'foo'),
+        ]);
+    }
+
+    public function testSanitizer()
+    {
+        $form = $this->factory->createBuilder(FormType::class, ['data' => null])
+            ->add('data', TextType::class, ['sanitize_html' => true])
+            ->getForm()
+        ;
+        $form->submit(['data' => 'foobar']);
+
+        $this->assertSame(['data' => 'foo'], $form->getData());
+
+        $form = $this->factory->createBuilder(FormType::class, ['data' => null])
+            ->add('data', TextType::class, ['sanitize_html' => true, 'sanitizer' => 'bar'])
+            ->getForm()
+        ;
+        $form->submit(['data' => 'foobar']);
+
+        $this->assertSame(['data' => 'bar'], $form->getData());
+    }
+}

composer.json

@@ -33,6 +33,7 @@
         "symfony/expression-language": "^5.4|^6.0",
         "symfony/config": "^5.4|^6.0",
         "symfony/console": "^5.4|^6.0",
+        "symfony/html-sanitizer": "^6.1",
         "symfony/http-foundation": "^5.4|^6.0",
         "symfony/http-kernel": "^5.4|^6.0",
         "symfony/intl": "^5.4|^6.0",