[Serializer] Refactor sanitizer context keys to use SANITIZE_HTML flag and update usage across denormalizer and tests

momito69 · momito69 · commit 32e14c71f723 · 2025-10-25T09:35:05.000+02:00
diff --git a/src/Symfony/Component/Serializer/Normalizer/SanitizeDenormalizer.php b/src/Symfony/Component/Serializer/Normalizer/SanitizeDenormalizer.php
@@ -26,7 +26,8 @@ final class SanitizeDenormalizer implements DenormalizerInterface, DenormalizerA
 {
     use DenormalizerAwareTrait;
 
-    public const SANITIZER_KEY = 'sanitizer';
+    public const SANITIZER = 'sanitizer';
+    public const SANITIZE_HTML = 'sanitize_html';
     public const DEFAULT_SANITIZER = 'default';
 
     public function __construct(
@@ -60,10 +61,10 @@ public function denormalize(mixed $data, string $type, ?string $format = null, a
 
             foreach ($property->getAttributes(Context::class) as $attribute) {
                 $attributeContext = $attribute->newInstance();
-                if (!isset($attributeContext->denormalizationContext[self::SANITIZER_KEY])) {
+                if (($attributeContext->denormalizationContext[self::SANITIZE_HTML] ?? false) !== true) {
                     continue;
                 }
-                $sanitizer = $this->getSanitizer($attributeContext->denormalizationContext[self::SANITIZER_KEY]);
+                $sanitizer = $this->getSanitizer($attributeContext->denormalizationContext[self::SANITIZER] ?? self::DEFAULT_SANITIZER);
                 $sanitizedData[$name] = $this->sanitizeValue($data[$name], $sanitizer, $name);
                 $context['sanitized'] = true;
             }
@@ -89,8 +90,8 @@ public function supportsDenormalization(mixed $data, string $type, ?string $form
         $reflection = new \ReflectionClass($type);
         foreach ($reflection->getProperties() as $property) {
             foreach ($property->getAttributes(Context::class) as $attribute) {
-                $attrContext = $attribute->newInstance();
-                if (isset($attrContext->denormalizationContext[self::SANITIZER_KEY])) {
+                $attributeContext = $attribute->newInstance();
+                if (($attributeContext->denormalizationContext[self::SANITIZE_HTML] ?? false) === true) {
                     return true;
                 }
             }
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummy.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummy.php
@@ -24,7 +24,7 @@ public function __construct(
         public string $firstName,
         public string $lastName,
         #[Context(
-            denormalizationContext: [ SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER ]
+            denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ],
         )]
         public string $bio
     ) {}
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithArrayOfString.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithArrayOfString.php
@@ -22,7 +22,7 @@ class SanitizeDummyWithArrayOfString
     public function __construct(
         public string $id,
         /** @var string[] */
-        #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER])]
+        #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ])]
         public array $strings,
     ) {}
 }
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithCustomSanitizer.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithCustomSanitizer.php
@@ -20,7 +20,7 @@
 class SanitizeDummyWithCustomSanitizer
 {
     public function __construct(
-        #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => 'custom'])]
+        #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true, SanitizeDenormalizer::SANITIZER => 'custom' ])]
         public string $foo
     ) {}
 }
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithInvalidArray.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithInvalidArray.php
@@ -23,7 +23,7 @@ public function __construct(
         /**
          * @var int[]
          */
-        #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER])]
+        #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ])]
         public array $foo
     ) {}
 }
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithInvalidType.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithInvalidType.php
@@ -20,7 +20,7 @@
 class SanitizeDummyWithInvalidType
 {
     public function __construct(
-        #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER])]
+        #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ])]
         public int $foo
     ) {}
 }
diff --git a/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithUnknownSanitizer.php b/src/Symfony/Component/Serializer/Tests/Fixtures/Attributes/SanitizeDummyWithUnknownSanitizer.php
@@ -17,7 +17,7 @@
 class SanitizeDummyWithUnknownSanitizer
 {
     public function __construct(
-        #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => 'unknown'])]
+        #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true, SanitizeDenormalizer::SANITIZER => 'unknown' ])]
         public string $foo
     ) {}
 }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,8 @@ final class SanitizeDenormalizer implements DenormalizerInterface, DenormalizerA`
`26`	`26`	`{`
`27`	`27`	`use DenormalizerAwareTrait;`
`28`	`28`
`29`		`- public const SANITIZER_KEY = 'sanitizer';`
	`29`	`+ public const SANITIZER = 'sanitizer';`
	`30`	`+ public const SANITIZE_HTML = 'sanitize_html';`
`30`	`31`	`public const DEFAULT_SANITIZER = 'default';`
`31`	`32`
`32`	`33`	`public function __construct(`
`@@ -60,10 +61,10 @@ public function denormalize(mixed $data, string $type, ?string $format = null, a`
`60`	`61`
`61`	`62`	`foreach ($property->getAttributes(Context::class) as $attribute) {`
`62`	`63`	`$attributeContext = $attribute->newInstance();`
`63`		`- if (!isset($attributeContext->denormalizationContext[self::SANITIZER_KEY])) {`
	`64`	`+ if (($attributeContext->denormalizationContext[self::SANITIZE_HTML] ?? false) !== true) {`
`64`	`65`	`continue;`
`65`	`66`	`}`
`66`		`- $sanitizer = $this->getSanitizer($attributeContext->denormalizationContext[self::SANITIZER_KEY]);`
	`67`	`+ $sanitizer = $this->getSanitizer($attributeContext->denormalizationContext[self::SANITIZER] ?? self::DEFAULT_SANITIZER);`
`67`	`68`	`$sanitizedData[$name] = $this->sanitizeValue($data[$name], $sanitizer, $name);`
`68`	`69`	`$context['sanitized'] = true;`
`69`	`70`	`}`
`@@ -89,8 +90,8 @@ public function supportsDenormalization(mixed $data, string $type, ?string $form`
`89`	`90`	`$reflection = new \ReflectionClass($type);`
`90`	`91`	`foreach ($reflection->getProperties() as $property) {`
`91`	`92`	`foreach ($property->getAttributes(Context::class) as $attribute) {`
`92`		`- $attrContext = $attribute->newInstance();`
`93`		`- if (isset($attrContext->denormalizationContext[self::SANITIZER_KEY])) {`
	`93`	`+ $attributeContext = $attribute->newInstance();`
	`94`	`+ if (($attributeContext->denormalizationContext[self::SANITIZE_HTML] ?? false) === true) {`
`94`	`95`	`return true;`
`95`	`96`	`}`
`96`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ class SanitizeDummyWithArrayOfString`
`22`	`22`	`public function __construct(`
`23`	`23`	`public string $id,`
`24`	`24`	`/** @var string[] */`
`25`		`- #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER])]`
	`25`	`+ #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ])]`
`26`	`26`	`public array $strings,`
`27`	`27`	`) {}`
`28`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`class SanitizeDummyWithCustomSanitizer`
`21`	`21`	`{`
`22`	`22`	`public function __construct(`
`23`		`- #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => 'custom'])]`
	`23`	`+ #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true, SanitizeDenormalizer::SANITIZER => 'custom' ])]`
`24`	`24`	`public string $foo`
`25`	`25`	`) {}`
`26`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ public function __construct(`
`23`	`23`	`/**`
`24`	`24`	`* @var int[]`
`25`	`25`	`*/`
`26`		`- #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => SanitizeDenormalizer::DEFAULT_SANITIZER])]`
	`26`	`+ #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true ])]`
`27`	`27`	`public array $foo`
`28`	`28`	`) {}`
`29`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`class SanitizeDummyWithUnknownSanitizer`
`18`	`18`	`{`
`19`	`19`	`public function __construct(`
`20`		`- #[Context(denormalizationContext: [SanitizeDenormalizer::SANITIZER_KEY => 'unknown'])]`
	`20`	`+ #[Context(denormalizationContext: [ SanitizeDenormalizer::SANITIZE_HTML => true, SanitizeDenormalizer::SANITIZER => 'unknown' ])]`
`21`	`21`	`public string $foo`
`22`	`22`	`) {}`
`23`	`23`	`}`