[FrameworkBundle][TwigBundle][Form] Add Twig filter, form-type extension and improve service definitions for HtmlSanitizer

Author: nicolas-grekas

Extension/HtmlSanitizerExtension.php

@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Twig\Extension;
+
+use Psr\Container\ContainerInterface;
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+/**
+ * @author Titouan Galopin <[email protected]>
+ */
+final class HtmlSanitizerExtension extends AbstractExtension
+{
+    public function __construct(
+        private ContainerInterface $sanitizers,
+        private string $defaultSanitizer = 'default',
+    ) {
+    }
+
+    public function getFilters(): array
+    {
+        return [
+            new TwigFilter('sanitize_html', $this->sanitize(...), ['is_safe' => ['html']]),
+        ];
+    }
+
+    public function sanitize(string $html, string $sanitizer = null): string
+    {
+        return $this->sanitizers->get($sanitizer ?? $this->defaultSanitizer)->sanitize($html);
+    }
+}

Tests/Extension/HtmlSanitizerExtensionTest.php

@@ -0,0 +1,52 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Twig\Tests\Extension;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\Twig\Extension\HtmlSanitizerExtension;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;
+use Twig\Environment;
+use Twig\Loader\ArrayLoader;
+
+class HtmlSanitizerExtensionTest extends TestCase
+{
+    public function testSanitizeHtml()
+    {
+        $loader = new ArrayLoader([
+            'foo' => '{{ "foobar"|sanitize_html }}',
+            'bar' => '{{ "foobar"|sanitize_html("bar") }}',
+        ]);
+
+        $twig = new Environment($loader, ['debug' => true, 'cache' => false, 'autoescape' => 'html', 'optimizations' => 0]);
+
+        $fooSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+        $fooSanitizer->expects($this->once())
+            ->method('sanitize')
+            ->with('foobar')
+            ->willReturn('foo');
+
+        $barSanitizer = $this->createMock(HtmlSanitizerInterface::class);
+        $barSanitizer->expects($this->once())
+            ->method('sanitize')
+            ->with('foobar')
+            ->willReturn('bar');
+
+        $twig->addExtension(new HtmlSanitizerExtension(new ServiceLocator([
+            'foo' => fn () => $fooSanitizer,
+            'bar' => fn () => $barSanitizer,
+        ]), 'foo'));
+
+        $this->assertSame('foo', $twig->render('foo'));
+        $this->assertSame('bar', $twig->render('bar'));
+    }
+}

UndefinedCallableHandler.php

@@ -24,6 +24,7 @@ class UndefinedCallableHandler
     private const FILTER_COMPONENTS = [
         'humanize' => 'form',
         'trans' => 'translation',
+        'sanitize_html' => 'html-sanitizer',
         'yaml_encode' => 'yaml',
         'yaml_dump' => 'yaml',
     ];
@@ -61,6 +62,7 @@ class UndefinedCallableHandler
     ];
 
     private const FULL_STACK_ENABLE = [
+        'html-sanitizer' => 'enable "framework.html_sanitizer"',
         'form' => 'enable "framework.form"',
         'security-core' => 'add the "SecurityBundle"',
         'security-http' => 'add the "SecurityBundle"',

composer.json

@@ -28,6 +28,7 @@
         "symfony/dependency-injection": "^5.4|^6.0",
         "symfony/finder": "^5.4|^6.0",
         "symfony/form": "^6.1",
+        "symfony/html-sanitizer": "^6.1",
         "symfony/http-foundation": "^5.4|^6.0",
         "symfony/http-kernel": "^5.4|^6.0",
         "symfony/intl": "^5.4|^6.0",
@@ -65,6 +66,7 @@
         "symfony/finder": "",
         "symfony/asset": "For using the AssetExtension",
         "symfony/form": "For using the FormExtension",
+        "symfony/html-sanitizer": "For using the HtmlSanitizerExtension",
         "symfony/http-kernel": "For using the HttpKernelExtension",
         "symfony/routing": "For using the RoutingExtension",
         "symfony/translation": "For using the TranslationExtension",