@@ -934,8 +934,10 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
934
934
Max Input Length
935
935
~~~~~~~~~~~~~~~~
936
936
937
- To prevent DoS attacks, the HTML sanitizer limits the input length to ``20000 `` by default.
938
- Using this option, you can change the max input length, Inputs longer than this value will be truncated.
937
+ In order to prevent `DoS attacks `_, by default the HTML sanitizer limits the
938
+ input length to ``20000 `` characters (as measured by ``strlen($input) ``). All
939
+ the contents exceeding that length will be truncated. Use this option to
940
+ increase or decrease this limit:
939
941
940
942
.. configuration-block ::
941
943
@@ -948,7 +950,7 @@ Using this option, you can change the max input length, Inputs longer than this
948
950
app.post_sanitizer :
949
951
# ...
950
952
951
- # specifies the max input length. Inputs longer than this value will be
953
+ # inputs longer (in characters) than this value will be truncated
952
954
max_input_length : 30000 # default: 20000
953
955
954
956
.. code-block :: xml
@@ -965,8 +967,7 @@ Using this option, you can change the max input length, Inputs longer than this
965
967
<framework : config >
966
968
<framework : html-sanitizer >
967
969
<framework : sanitizer name =" app.post_sanitizer" >
968
- <!-- specifies the max input length. Inputs longer than this value will be
969
- truncated (default: 20000) -->
970
+ <!-- inputs longer (in characters) than this value will be truncated (default: 20000) -->
970
971
<framework : max-input-length >20000</framework : max-input-length >
971
972
</framework : sanitizer >
972
973
</framework : html-sanitizer >
@@ -981,8 +982,7 @@ Using this option, you can change the max input length, Inputs longer than this
981
982
return static function (FrameworkConfig $framework) {
982
983
$framework->htmlSanitizer()
983
984
->sanitizer('app.post_sanitizer')
984
- // specifies the max input length. Inputs longer than this value will be
985
- // truncated (default: 20000)
985
+ // inputs longer (in characters) than this value will be truncated (default: 20000)
986
986
->withMaxInputLength(20000)
987
987
;
988
988
};
@@ -994,8 +994,7 @@ Using this option, you can change the max input length, Inputs longer than this
994
994
995
995
$postSanitizer = new HtmlSanitizer(
996
996
(new HtmlSanitizerConfig())
997
- // specifies the max input length. Inputs longer than this value will be
998
- // truncated (default: 20000)
997
+ // inputs longer (in characters) than this value will be truncated (default: 20000)
999
998
->withMaxInputLength(20000)
1000
999
);
1001
1000
@@ -1081,3 +1080,4 @@ to enable it for an HTML sanitizer:
1081
1080
1082
1081
.. _`HTML Sanitizer W3C Standard Proposal` : https://wicg.github.io/sanitizer-api/
1083
1082
.. _`W3C Standard Proposal` : https://wicg.github.io/sanitizer-api/
1083
+ .. _`DoS attacks` : https://en.wikipedia.org/wiki/Denial-of-service_attack