Commit 10bdc758 authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader

[TASK] Forward initiator to typo3/html-sanitizer

A new `SanitizerInitiator` is added and forwarded to
`typo3/html-sanitizer`. This allows getting a full stack-trace
when HTML nodes have been sanitized/modified and to debug the
actual cause (initiator) much better.

To receive corresponding initiator stack-traces

* logging for TYPO3.HtmlSanitizer namespace needs to be enabled
* TypoScript `config.debug = 1` must be set, or as a fall-back
  `$GLOBALS['TYPO3_CONF_VARS']['FE']['debug'] = true;` must be set
* HTML sanitizer must have found and modified invalid tags/attributes

Resolves: #94837
Releases: master, 11.3, 10.4, 9.5
Change-Id: I0239785d347d2c4ad6153ccb26130556399949d8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70510


Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent 6f7c961a
......@@ -1410,6 +1410,7 @@ class RteHtmlParser extends HtmlParser implements LoggerAwareInterface
$builder = $factory->build($build);
}
$sanitizer = $builder->build();
return $sanitizer->sanitize($content);
$initiator = GeneralUtility::makeInstance(SanitizerInitiator::class, get_class($this));
return $sanitizer->sanitize($content, $initiator);
}
}
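Review bot: The initiator built just before the `sanitize()` call carries only `get_class($this)`, so log entries for content sanitized through RteHtmlParser name the class but contain no call trail, which differs from the stack-trace the commit description announces. If that is intended for this path, a short comment would make it explicit, e.g. `// class name only: no debug trail is collected for RTE transformations`. The enclosing method starts outside the hunk, so whether a debug switch is reachable at this point cannot be confirmed from the page.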
<?php
declare(strict_types = 1);
/*
* This file is part of the TYPO3 project.
*
* It is free software; you can redistribute it and/or modify it under the terms
* of the MIT License (MIT). For the full copyright and license information,
* please read the LICENSE file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
namespace TYPO3\CMS\Core\Html;
use TYPO3\HtmlSanitizer\InitiatorInterface;
/**
* Initiator for HTML sanitization process, forwarded to sanitizer and used during logging.
*
* @internal
*/
class SanitizerInitiator implements InitiatorInterface
{
/**
* @var string
*/
protected $trace;
public function __construct(string $trace)
{
$this->trace = $trace;
}
public function __toString(): string
{
return $this->trace;
}
}
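Review bot: `$trace` is documented only as `@var string`, yet the callers on this page pass two different things into it: a class name (RteHtmlParser) and the result of `DebugUtility::debugTrail()` (ContentObjectRenderer). Since the class docblock says the value is used during logging, the property docblock should state what it may hold, e.g. `@var string class name or debug trail of the code that triggered sanitization`. The class is `@internal` and behaves as an immutable value holder, so declaring it `final` with a `private` property would keep subclasses from changing what `__toString()` hands to the logger.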
......@@ -32,6 +32,7 @@ use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
use TYPO3\CMS\Core\Html\HtmlParser;
use TYPO3\CMS\Core\Html\SanitizerBuilderFactory;
use TYPO3\CMS\Core\Html\SanitizerInitiator;
use TYPO3\CMS\Core\Imaging\ImageManipulation\Area;
use TYPO3\CMS\Core\Imaging\ImageManipulation\CropVariantCollection;
use TYPO3\CMS\Core\LinkHandling\LinkService;
......@@ -2933,7 +2934,10 @@ class ContentObjectRenderer implements LoggerAwareInterface
$builder = $factory->build($build);
}
$sanitizer = $builder->build();
return $sanitizer->sanitize($content);
$initiator = $this->shallDebug()
? GeneralUtility::makeInstance(SanitizerInitiator::class, DebugUtility::debugTrail())
: null;
return $sanitizer->sanitize($content, $initiator);
}
/**
......@@ -7560,4 +7564,13 @@ class ContentObjectRenderer implements LoggerAwareInterface
// Otherwise just return the link text
return $linkText;
}
protected function shallDebug(): bool
{
$tsfe = $this->getTypoScriptFrontendController();
if ($tsfe !== null && isset($tsfe->config['config']['debug'])) {
return (bool)($tsfe->config['config']['debug']);
}
return !empty($GLOBALS['TYPO3_CONF_VARS']['FE']['debug']);
}
}
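Review bot: In the hunk at -2933 the initiator is `null` whenever `shallDebug()` returns false, so on a production frontend a log entry about removed tags or attributes carries no origin at all, while RteHtmlParser in this same commit always passes its class name. A cheap fallback would keep those entries attributable without collecting a trail: `: GeneralUtility::makeInstance(SanitizerInitiator::class, get_class($this));` in place of `: null;`. How the sanitizer treats a `null` initiator is not visible here, so this is worth confirming against `typo3/html-sanitizer`. Separately, `shallDebug()` would benefit from a docblock stating its precedence rule, namely that a set TypoScript `config.debug` (including `0`) overrides `$GLOBALS['TYPO3_CONF_VARS']['FE']['debug']`. The method containing the `sanitize()` call begins outside the hunk.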