[HtmlSanitizer] Add functions to handle operations on multiple attributes or elements at the same time

EdouardCourty · EdouardCourty · commit 7ca3b95ddbda · 2023-12-07T15:23:00.000+01:00
- Wrapped some logic in private functions to stay DRY
- Fixed PHPDoc comments
- Fixed typo
diff --git a/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php b/src/Symfony/Component/HtmlSanitizer/HtmlSanitizerConfig.php
@@ -260,16 +260,7 @@ public function forceHttpsUrls(bool $forceHttpsUrls = true): static
     public function allowElement(string $element, array|string $allowedAttributes = []): static
     {
         $clone = clone $this;
-
-        // Unblock the element is necessary
-        unset($clone->blockedElements[$element]);
-
-        $clone->allowedElements[$element] = [];
-
-        $attrs = ('*' === $allowedAttributes) ? array_keys(W3CReference::ATTRIBUTES) : (array) $allowedAttributes;
-        foreach ($attrs as $allowedAttr) {
-            $clone->allowedElements[$element][$allowedAttr] = true;
-        }
+        $this->handleAllowElement($clone, $element, $allowedAttributes);
 
         return $clone;
     }
@@ -279,19 +270,19 @@ public function allowElement(string $element, array|string $allowedAttributes =
      *
      * Allowed elements are elements the sanitizer should retain from the input.
      *
-     * A list of allowed attributes for this element can be passed as a second argument.
+     * A list of allowed attributes for these elements can be passed as a second argument.
      * Passing "*" will allow all standard attributes on this element. By default, no
      * attributes are allowed on the element.
      *
-     * @param list<string>        $elements
+     * @param string[]            $elements
      * @param list<string>|string $allowedAttributes
      */
     public function allowElements(array $elements, array|string $allowedAttributes = []): static
     {
         $clone = clone $this;
 
         foreach ($elements as $element) {
-            $clone = $clone->allowElement($element, $allowedAttributes);
+            $this->handleAllowElement($clone, $element, $allowedAttributes);
         }
 
         return $clone;
@@ -306,11 +297,7 @@ public function allowElements(array $elements, array|string $allowedAttributes =
     public function blockElement(string $element): static
     {
         $clone = clone $this;
-
-        // Disallow the element is necessary
-        unset($clone->allowedElements[$element]);
-
-        $clone->blockedElements[$element] = true;
+        $this->handleBlockElement($clone, $element);
 
         return $clone;
     }
@@ -326,7 +313,7 @@ public function blockElements(array $elements): static
         $clone = clone $this;
 
         foreach ($elements as $element) {
-            $clone = $clone->blockElement($element);
+            $this->handleBlockElement($clone, $element);
         }
 
         return $clone;
@@ -345,7 +332,7 @@ public function blockElements(array $elements): static
     public function dropElement(string $element): static
     {
         $clone = clone $this;
-        unset($clone->allowedElements[$element], $clone->blockedElements[$element]);
+        $this->handleDropElement($clone, $element);
 
         return $clone;
     }
@@ -367,7 +354,7 @@ public function dropElements(array $elements): static
         $clone = clone $this;
 
         foreach ($elements as $element) {
-            $clone = $clone->dropElement($element);
+            $this->handleDropElement($clone, $element);
         }
 
         return $clone;
@@ -386,18 +373,7 @@ public function dropElements(array $elements): static
     public function allowAttribute(string $attribute, array|string $allowedElements): static
     {
         $clone = clone $this;
-        $allowedElements = ('*' === $allowedElements) ? array_keys($clone->allowedElements) : (array) $allowedElements;
-
-        // For each configured element ...
-        foreach ($clone->allowedElements as $element => $attrs) {
-            if (\in_array($element, $allowedElements, true)) {
-                // ... if the attribute should be allowed, add it
-                $clone->allowedElements[$element][$attribute] = true;
-            } else {
-                // ... if the attribute should not be allowed, remove it
-                unset($clone->allowedElements[$element][$attribute]);
-            }
-        }
+        $this->handleAllowAttribute($clone, $allowedElements, $attribute);
 
         return $clone;
     }
@@ -412,15 +388,15 @@ public function allowAttribute(string $attribute, array|string $allowedElements)
      *
      * To configure each attribute for a specific element, please use the allowAttribute method instead.
      *
-     * @param list<string>        $attributes
+     * @param string[]            $attributes
      * @param list<string>|string $allowedElements
      */
     public function allowAttributes(array $attributes, array|string $allowedElements): static
     {
         $clone = clone $this;
 
         foreach ($attributes as $attribute) {
-            $clone = $clone->allowAttribute($attribute, $allowedElements);
+            $this->handleAllowAttribute($clone, $allowedElements, $attribute);
         }
 
         return $clone;
@@ -443,13 +419,7 @@ public function allowAttributes(array $attributes, array|string $allowedElements
     public function dropAttribute(string $attribute, array|string $droppedElements): static
     {
         $clone = clone $this;
-        $droppedElements = ('*' === $droppedElements) ? array_keys($clone->allowedElements) : (array) $droppedElements;
-
-        foreach ($droppedElements as $element) {
-            if (isset($clone->allowedElements[$element][$attribute])) {
-                unset($clone->allowedElements[$element][$attribute]);
-            }
-        }
+        $this->handleDropAttribute($clone, $droppedElements, $attribute);
 
         return $clone;
     }
@@ -466,15 +436,15 @@ public function dropAttribute(string $attribute, array|string $droppedElements):
      * automatically. This method let you drop attributes that were allowed earlier
      * in the configuration.
      *
-     * @param list<string>        $attributes
+     * @param string[]            $attributes
      * @param list<string>|string $droppedElements
      */
     public function dropAttributes(array $attributes, array|string $droppedElements): static
     {
         $clone = clone $this;
 
         foreach ($attributes as $attribute) {
-            $clone = $clone->dropAttribute($attribute, $droppedElements);
+            $this->handleDropAttribute($clone, $droppedElements, $attribute);
         }
 
         return $clone;
@@ -617,4 +587,80 @@ public function getAttributeSanitizers(): array
     {
         return $this->attributeSanitizers;
     }
+
+    /**
+     * @param HtmlSanitizerConfig $clone
+     * @param string[]|string $allowedElements
+     * @param string $attribute
+     */
+    public function handleAllowAttribute(HtmlSanitizerConfig $clone, array|string $allowedElements, string $attribute): void
+    {
+        $allowedElements = ('*' === $allowedElements) ? array_keys($clone->allowedElements) : (array)$allowedElements;
+
+        // For each configured element ...
+        foreach ($clone->allowedElements as $element => $attrs) {
+            if (\in_array($element, $allowedElements, true)) {
+                // ... if the attribute should be allowed, add it
+                $clone->allowedElements[$element][$attribute] = true;
+            } else {
+                // ... if the attribute should not be allowed, remove it
+                unset($clone->allowedElements[$element][$attribute]);
+            }
+        }
+    }
+
+    /**
+     * @param HtmlSanitizerConfig $clone
+     * @param string $element
+     * @param string[]|string $allowedAttributes
+     */
+    private function handleAllowElement(HtmlSanitizerConfig $clone, string $element, array|string $allowedAttributes): void
+    {
+        // Unblock the element is necessary
+        unset($clone->blockedElements[$element]);
+
+        $clone->allowedElements[$element] = [];
+
+        $attrs = ('*' === $allowedAttributes) ? array_keys(W3CReference::ATTRIBUTES) : (array) $allowedAttributes;
+        foreach ($attrs as $allowedAttr) {
+            $clone->allowedElements[$element][$allowedAttr] = true;
+        }
+    }
+
+    /**
+     * @param HtmlSanitizerConfig $clone
+     * @param string $element
+     */
+    private function handleBlockElement(HtmlSanitizerConfig $clone, string $element): void
+    {
+        // Disallow the element is necessary
+        unset($clone->allowedElements[$element]);
+
+        $clone->blockedElements[$element] = true;
+    }
+
+    /**
+     * @param HtmlSanitizerConfig $clone
+     * @param string[]|string $droppedElements
+     * @param string $attribute
+     */
+    private function handleDropAttribute(HtmlSanitizerConfig $clone, array|string $droppedElements, string $attribute): void
+    {
+        $droppedElements = ('*' === $droppedElements) ? array_keys($clone->allowedElements) : (array) $droppedElements;
+
+        foreach ($droppedElements as $element) {
+            if (isset($clone->allowedElements[$element][$attribute])) {
+                unset($clone->allowedElements[$element][$attribute]);
+            }
+        }
+    }
+
+    /**
+     * @param HtmlSanitizerConfig $clone
+     * @param string $element
+     */
+    private function handleDropElement(HtmlSanitizerConfig $clone, string $element): void
+    {
+        unset($clone->allowedElements[$element], $clone->blockedElements[$element]);
+    }
 }
