• Original source:

• Original author:

• License:

• Translator: FireHare

• Proofreader:

• Applicable version: FOSCommentBundle 2.0.5

• Article status: draft translation

Step 9a: Using ExerciseHTMLPurifierBundle

FOSCommentBundle allows you to use ExerciseHTMLPurifierBundle to sanitise HTML entered into comments.


**Note:**


Letting users post HTML directly without appropriate safety measures can lead to XSS attacks. Be careful with your HTMLPurifier configuration!


FOSCommentBundle does not automatically define the parsing bridge service for HTMLPurifier. You will need to do this in your application configuration.


Additionally, you are required to tell FOSCommentBundle about this markup class so that it knows to use it. Both requirements are listed in the code block below.


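```yaml
# app/config/config.yml
services:
    # ...
    # Bridge service that lets FOSCommentBundle call HTMLPurifier
    markup.exercise_html_purifier:
        class: FOS\CommentBundle\Markup\HtmlPurifier
        # Quoted: an unquoted leading "@" is a reserved YAML indicator
        arguments: [ "@exercise_html_purifier.default" ]
    # ...

fos_comment:
    # ...
    service:
        # Tell FOSCommentBundle to use the bridge service defined above
        markup: markup.exercise_html_purifier
    # ...
```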

You can define different configurations for HTMLPurifierBundle; just change the argument given to the parser bridge to reflect the new HTMLPurifier configuration you have created. More information on this can be found at
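
A restrictive comment profile wired into the parser bridge, as an added example that is not part of the original documentation. It assumes the bundle's per-profile configuration format, in which each key under `exercise_html_purifier` is exposed as a service named `exercise_html_purifier.<name>`; the profile name `comments` and the chosen tag list are hypothetical, while the directive names are HTMLPurifier's own.

```yaml
# app/config/config.yml
# Added example: the "comments" profile name and its allowlist are assumptions.
exercise_html_purifier:
    default:
        Cache.SerializerPath: '%kernel.cache_dir%/htmlpurifier'
    comments:
        Cache.SerializerPath: '%kernel.cache_dir%/htmlpurifier'
        # Allowlist: only these elements and attributes survive purification,
        # so script, style, iframe and event-handler attributes are dropped.
        HTML.Allowed: 'p,br,strong,em,ul,ol,li,blockquote,code,a[href]'
        # Links may only use these URI schemes (javascript: and data: are rejected).
        URI.AllowedSchemes: { http: true, https: true, mailto: true }
        # Add rel="nofollow" to links in user-submitted comments.
        HTML.Nofollow: true
        # Remove elements left empty after filtering.
        AutoFormat.RemoveEmpty: true

services:
    markup.exercise_html_purifier:
        class: FOS\CommentBundle\Markup\HtmlPurifier
        # Point the bridge at the restrictive profile instead of "default".
        arguments: [ "@exercise_html_purifier.comments" ]

fos_comment:
    service:
        markup: markup.exercise_html_purifier
```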


That is it!