Step 9a: Using ExerciseHTMLPurifierBundle

FOSCommentBundle allows you to use ExerciseHTMLPurifierBundle to sanitise HTML entered into comments.

FOSCommentBundle 允许您使用 ExerciseHTMLPurifierBundle 清理HTML获取评论。


** Note: **

** 注意: **

Letting users post HTML directly without appropriate safety measures can lead to XSS attacks. Be careful with your HTMLPurifier configuration!

让用户直接发送HTML,而没有采取适当的安全措施可以导致XSS***。请小心配置您的HTMLPurifier的配置。

FOSCommentBundle does not automatically define the parsing bridge service forHTMLPurifier. You will need to do this in your application configuration.

FOSCommentBundle不能自行为HTMLPurifier定义解析桥服务,因此您需要在您的应用程序配置中完成它。


Additionally, you are required to tell FOSCommentBundle about this markup class so that it knows to use it. Both requirements are listed in the code block below

另外,为了让FOSCommentBundle知道要使用该标识类,您需要告诉它。上述两个要求都被列在下面的代码块中:

# app/config/config.yml
services:
    # ...
    markup.exercise_html_purifier:
        class: FOS\CommentBundle\Markup\HtmlPurifier
        arguments: [ @exercise_html_purifier.default ]
    # ...
fos_comment:
    # ...
    service:
        markup: markup.exercise_html_purifier
    # ...

You are able to define different configurations for HTMLPurifierBundle, just change the argument given to the parser bridge to reflect the new HTMLPurifier configuration you have created. More information on this can be found at ExerciseHTMLPurifierBundle's documentation

您可以为HTMLPurifierBundle功能包定义不同的配置,只需要改变到解析桥的参数,让其反射到您新创建的HTMLPurifier配置即可。更多信息可参阅ExerciseHTMLPurifierBundle功能包文档

That is it!

Return to the index.

返回到指南索引页