
Allow explicit non string types through without being cast to empty strings #148

Merged (3 commits), Mar 24, 2021

Conversation

incentify-dev (Contributor)

This is a proposed fix for open issue #103

This config option is OFF by default (including old configs not updated). Tests have been added.

…, OFF by default (including old configs not updated).
@codecov-io

Codecov Report

Merging #148 (bc12b36) into master (8e0b3d8) will increase coverage by 0.10%.
The diff coverage is 100.00%.


@@             Coverage Diff              @@
##             master     #148      +/-   ##
============================================
+ Coverage     88.18%   88.28%   +0.10%     
- Complexity       46       48       +2     
============================================
  Files             4        4              
  Lines           110      111       +1     
============================================
+ Hits             97       98       +1     
  Misses           13       13              
Impacted Files                   Coverage Δ                  Complexity Δ
src/Purifier.php                 89.36% <100.00%> (+0.23%)   41.00 <0.00> (+2.00)
src/PurifierServiceProvider.php  85.71% <0.00%> (-0.96%)     6.00% <0.00%> (ø%)

Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8e0b3d8...bc12b36.

@incentify-dev incentify-dev changed the title Adding pass through support for NULL values as a configuration option Allow explicit non string types through without being cast to empty strings Mar 23, 2021
@incentify-dev (Contributor, Author)

I wanted to add a little more information about this. With the default config out of the box for this library, see the code block below showing the input and output when explicit types are passed in (imagine a use case like sanitizing the entire Laravel Input array):

// Values handed to the purifier
$input = [
    'good'  => '<span id="some-id">This is my H1 title',
    'bad'   => '<script>alert(\'XSS\');</script>',
    'empty' => null,
    'bool'  => false,
    'bool2' => true,
    'float' => 4.321,
];
// What comes back with the default config: every non-string is cast to a string first
$output = [
    'good'  => '<p><span>This is my H1 title</span></p>',
    'bad'   => '',
    'empty' => '',
    'bool'  => '',
    'bool2' => '<p>1</p>',
    'float' => '<p>4.321</p>',
];

For the APIs I'm using this project with, this loss of explicit type is destructive, and it seems reasonable that there should be a configuration option to bypass purification for non-string values. I'm open to other approaches, and perhaps being more restrictive, only passing through types which can pass explicit built-in checks (e.g. is_int, is_float, is_bool, is_null, etc.).
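The following is an added example, not code from the Purifier project or from this pull request. It shows the restrictive variant suggested above: with the pass-through option on, only null and the non-string scalars skip purification, while strings are always purified and arrays are walked recursively so that a nested array of strings can never bypass the purifier. The option name `$passThroughNonStrings`, the function names and the `strip_tags` stand-in are assumptions; in a real deployment the `$purify` callable would wrap `HTMLPurifier::purify()`.

```php
<?php
declare(strict_types=1);

// Added example, not the project's own code. The option and function names
// below are placeholders chosen for this illustration.

/**
 * True for values that may bypass purification when the pass-through option
 * is enabled: only null and the non-string scalars. Arrays, objects and
 * resources are deliberately excluded so nested strings are never skipped.
 */
function isPassThroughScalar(mixed $value): bool
{
    return is_null($value) || is_bool($value) || is_int($value) || is_float($value);
}

/**
 * Purify $dirty with $purify (a callable string -> string).
 * With $passThroughNonStrings = false every value is cast to string and
 * purified, reproducing the lossy behaviour shown above. With true, allowed
 * scalars are returned untouched and arrays are purified element by element.
 */
function cleanValue(mixed $dirty, callable $purify, bool $passThroughNonStrings): mixed
{
    if (is_array($dirty)) {
        // Always recurse: an array is never cast to a string and never skipped.
        return array_map(
            fn ($v) => cleanValue($v, $purify, $passThroughNonStrings),
            $dirty
        );
    }
    if ($passThroughNonStrings && isPassThroughScalar($dirty)) {
        return $dirty; // keep the explicit type (null, bool, int, float)
    }
    // Strings, and every non-string when the option is off, go through the purifier.
    return $purify(is_string($dirty) ? $dirty : (string) $dirty);
}

// Stand-in purifier so the example runs without ezyang/htmlpurifier installed.
// strip_tags is NOT a substitute for HTMLPurifier; use
//   $purify = fn (string $s): string => $purifier->purify($s);
// in real code.
$purify = fn (string $s): string => strip_tags($s);

// Constructed sample input, modelled on the array in the comment above,
// plus a nested array to show the recursion.
$input = [
    'good'   => '<span id="some-id">This is my H1 title',
    'bad'    => '<script>alert(\'XSS\');</script>',
    'empty'  => null,
    'bool'   => false,
    'bool2'  => true,
    'float'  => 4.321,
    'nested' => ['inner' => '<b>x</b>', 'n' => 7],
];

var_dump(cleanValue($input, $purify, false)); // every leaf becomes a string
var_dump(cleanValue($input, $purify, true));  // null/false/true/4.321/7 keep their types
```

The design choice worth noting is the allowlist in `isPassThroughScalar`: a simple `!is_string($dirty)` check would also let arrays and objects through unpurified, which is exactly the wrong outcome when the whole request input array is being sanitized.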

@mewebstudio mewebstudio merged commit c81d5ed into mewebstudio:master Mar 24, 2021