Commit e39cbf6

committed
Tweaks
1 parent 9835e0a commit e39cbf6

1 file changed

+9
-9
lines changed

html_sanitizer.rst

Lines changed: 9 additions & 9 deletions
@@ -934,8 +934,10 @@ the HTML sanitizer: ``src``, ``href``, ``lowsrc``, ``background`` and ``ping``.
934934
Max Input Length
935935
~~~~~~~~~~~~~~~~
936936

937-
To prevent DoS attacks, the HTML sanitizer limits the input length to ``20000`` by default.
938-
Using this option, you can change the max input length, Inputs longer than this value will be truncated.
937+
In order to prevent `DoS attacks`_, by default the HTML sanitizer limits the
938+
input length to ``20000`` characters (as measured by ``strlen($input)``). All
939+
the contents exceeding that length will be truncated. Use this option to
940+
increase or decrease this limit:
939941

940942
.. configuration-block::
941943

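Review bot: the added sentence describes the limit as "``20000`` characters (as measured by ``strlen($input)``)", but PHP's strlen() returns the number of bytes, not characters, so the two halves of the sentence disagree for any multibyte UTF-8 input. Suggest "``20000`` bytes (as measured by ``strlen($input)``)", or a short remark that multibyte characters count more than once toward the limit, so that readers sizing the limit for non-ASCII content are not surprised by earlier truncation. The "(in characters)" wording in the example comments further down should follow whichever term is chosen here.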
@@ -948,7 +950,7 @@ Using this option, you can change the max input length, Inputs longer than this
948950
app.post_sanitizer:
949951
# ...
950952
951-
# specifies the max input length. Inputs longer than this value will be
953+
# inputs longer (in characters) than this value will be truncated
952954
max_input_length: 30000 # default: 20000
953955
954956
.. code-block:: xml
@@ -965,8 +967,7 @@ Using this option, you can change the max input length, Inputs longer than this
965967
<framework:config>
966968
<framework:html-sanitizer>
967969
<framework:sanitizer name="app.post_sanitizer">
968-
<!-- specifies the max input length. Inputs longer than this value will be
969-
truncated (default: 20000) -->
970+
<!-- inputs longer (in characters) than this value will be truncated (default: 20000) -->
970971
<framework:max-input-length>20000</framework:max-input-length>
971972
</framework:sanitizer>
972973
</framework:html-sanitizer>
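Review bot: the XML example keeps ``<framework:max-input-length>20000</framework:max-input-length>``, which is the default value, while the YAML example in the same configuration block sets ``max_input_length: 30000``. The formats of a configuration block should describe the same configuration, and showing the default does not demonstrate changing the limit. Suggest using 30000 here and in the ``->withMaxInputLength(20000)`` calls of the PHP examples below.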
@@ -981,8 +982,7 @@ Using this option, you can change the max input length, Inputs longer than this
981982
return static function (FrameworkConfig $framework) {
982983
$framework->htmlSanitizer()
983984
->sanitizer('app.post_sanitizer')
984-
// specifies the max input length. Inputs longer than this value will be
985-
// truncated (default: 20000)
985+
// inputs longer (in characters) than this value will be truncated (default: 20000)
986986
->withMaxInputLength(20000)
987987
;
988988
};
@@ -994,8 +994,7 @@ Using this option, you can change the max input length, Inputs longer than this
994994
995995
$postSanitizer = new HtmlSanitizer(
996996
(new HtmlSanitizerConfig())
997-
// specifies the max input length. Inputs longer than this value will be
998-
// truncated (default: 20000)
997+
// inputs longer (in characters) than this value will be truncated (default: 20000)
999998
->withMaxInputLength(20000)
1000999
);
10011000
@@ -1081,3 +1080,4 @@ to enable it for an HTML sanitizer:
10811080
10821081
.. _`HTML Sanitizer W3C Standard Proposal`: https://wicg.github.io/sanitizer-api/
10831082
.. _`W3C Standard Proposal`: https://wicg.github.io/sanitizer-api/
1083+
.. _`DoS attacks`: https://en.wikipedia.org/wiki/Denial-of-service_attack
