HTML Sanitizer #42827

tonysm · 2022-06-15T21:07:34Z

tonysm
Jun 15, 2022

Looks like Symfony has a stable release of their HTML Sanitizer. I was wondering if it wouldn't be cool to have something like that upstream in the Laravel core. Maybe something like:

{{ s($post->body) }}

Assuming the body field there has HTML on it, the s() function would sanitize the content and return an instance of HtmlString.

It could ship only with the Element Baseline and allow app-land code to override it using a callable, something like:

use Illuminate\View\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizer as SymfonyHtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;

// Somewhere in AppServiceProvider
HtmlSanitizer::configureUsing(fn () => new SymfonyHtmlSanitizer(
    (new HtmlSanitizerConfig())
        ->blockElement('h1')
));

This being in the core would mean more eyes on how sanitization is done.

jva91 · 2022-10-21T06:40:03Z

jva91
Oct 21, 2022

This would be really nice when a sanitizer option is available in Laravel core. The Symfony Sanitizer looks nice to implement

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HTML Sanitizer #42827

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

HTML Sanitizer #42827

Uh oh!

Uh oh!

tonysm Jun 15, 2022

Replies: 1 comment

Uh oh!

jva91 Oct 21, 2022

tonysm
Jun 15, 2022

jva91
Oct 21, 2022