基于 SF6 檔案,我嘗試在來自資料庫的一些 html 上使用新的 HtmlSanitizer 組件( https://symfony.com/doc/current/html_sanitizer.html ),沒什么特別的,真的:
<section class="main">
<div class="class-name">
<p>
This is a paragraph, with <strong>words</strong> in it, it also has a <a href="/some/relative/link">relative link</a> and a <a href="https://www.google.com/">absolute</a> one as well.
</p>
</div>
</section>
當我通過默認的消毒劑傳遞它時,html 輸出是:
<section>
<div>
<p>
This is a paragraph, with <strong>words</strong> in it, it also has a <a>relative link</a> and a <a href="https://www.google.com/">absolute</a> one as well.
</p>
</div>
</section>
所以我的類屬性被洗掉了,相對 URL 也被洗掉了,但奇怪的是,絕對 URL 被保留了。
我嘗試使用以下配置創建自定義消毒劑:
framework:
html_sanitizer:
sanitizers:
app.wysiwyg_sanitizer:
allow_safe_elements: true
allow_static_elements: true
allow_relative_links: true
allow_relative_medias: true
當我使用它時,幾乎可以正常作業,除了包含絕對 URL 的鏈接被渲染為不可用:
<section class="main">
<div class="class-name">
<p>
This is a paragraph, with <strong>words</strong> in it, it also has a <a href="/some/relative/link">relative link</a> and a <a>absolute</a> one as well.
</p>
</div>
</section>
這是它的PHP,沒有太多進展:
#[Route('/', name: 'app_home')]
public function index(HtmlSanitizerInterface $sanitizer, HtmlSanitizerInterface $appWysiwygSanitizer): Response
{
$html = '
<section >
<div >
<p>
This is a paragraph, with <strong>words</strong> in it, it also has a <a href="/some/relative/link">relative link</a> and a <a href="https://www.google.com/">absolute</a> one as well.
</p>
</div>
</section>';
$response = 'Default: ' . $sanitizer->sanitize($html);
$response .= PHP_EOL;
$response .= 'Custom: ' . $appWysiwygSanitizer->sanitize($html);
return new Response($response);
}
知道我做錯了什么嗎?我只需要正確呈現這些鏈接,我似乎無法找到一種方法來做到這一點。
uj5u.com熱心網友回復:
我認為您必須明確允許鏈接方案:
framework:
html_sanitizer:
sanitizers:
app.wysiwyg_sanitizer:
...
allowed_link_schemes: ['http', 'https', 'mailto']
編輯:似乎有必要在組態檔修改后做一個 clear:cache 以使其生效
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/507516.html
上一篇:查看登錄用戶的產品
