Symfony 6.1 will be released at the end of May 2022 and it will require
PHP 8.1 or higher. This is the first article of the series that shows the most
important new features introduced by Symfony 6.1.
Web applications often need to work with HTML content generated by users. It's
difficult to do so safely. Rendering that untrusted HTML in a Twig template, or
injecting it via JavaScript into the innerHTML property of DOM elements, can lead
to unwanted and dangerous JavaScript code execution.
HTML sanitization is “the process of examining an HTML document and
producing a new HTML document that preserves only whatever tags or attributes
that are designated safe and desired”.
Most of the time, this sanitization process is used to protect against attacks
such as cross-site scripting (XSS). However, sanitization is also about fixing
malformed HTML content in the best way possible:
In Symfony 6.1 we're adding a PHP-based HTML sanitizer so you can transform
user-generated HTML content into safe HTML content. This new component is similar
to the upcoming W3C HTML Sanitizer API, and we even use the same method names
whenever possible to ease the learning curve.
In addition to adding and removing HTML elements and attributes, you can force
the value of some attributes to improve the resulting HTML content:
In addition to these, there are many other configuration options. Check out the
docs for the HtmlSanitizer bundle. Once configured, use the sanitizer as follows: