[增添]添加了datasource的setting数据库以及默认值

vendor/symfony/html-sanitizer/TextSanitizer/StringSanitizer.php

@@ -0,0 +1,82 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HtmlSanitizer\TextSanitizer;
+
+/**
+ * @internal
+ */
+final class StringSanitizer
+{
+    private const LOWERCASE = [
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+        'abcdefghijklmnopqrstuvwxyz',
+    ];
+
+    private const REPLACEMENTS = [
+        [
+            // "&#34;" is shorter than "&quot;"
+            '&quot;',
+
+            // Fix several potential issues in how browsers interpret attributes values
+            '+',
+            '=',
+            '@',
+            '`',
+
+            // Some DB engines will transform UTF8 full-width characters their classical version
+            // if the data is saved in a non-UTF8 field
+            '＜',
+            '＞',
+            '＋',
+            '＝',
+            '＠',
+            '｀',
+        ],
+        [
+            '&#34;',
+
+            '&#43;',
+            '&#61;',
+            '&#64;',
+            '&#96;',
+
+            '&#xFF1C;',
+            '&#xFF1E;',
+            '&#xFF0B;',
+            '&#xFF1D;',
+            '&#xFF20;',
+            '&#xFF40;',
+        ],
+    ];
+
+    /**
+     * Applies a transformation to lowercase following W3C HTML Standard.
+     *
+     * @see https://w3c.github.io/html-reference/terminology.html#case-insensitive
+     */
+    public static function htmlLower(string $string): string
+    {
+        return strtr($string, self::LOWERCASE[0], self::LOWERCASE[1]);
+    }
+
+    /**
+     * Encodes the HTML entities in the given string for safe injection in a document's DOM.
+     */
+    public static function encodeHtmlEntities(string $string): string
+    {
+        return str_replace(
+            self::REPLACEMENTS[0],
+            self::REPLACEMENTS[1],
+            htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, 'UTF-8')
+        );
+    }
+}

vendor/symfony/html-sanitizer/TextSanitizer/UrlSanitizer.php

@@ -0,0 +1,136 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HtmlSanitizer\TextSanitizer;
+
+use League\Uri\Exceptions\SyntaxError;
+use League\Uri\UriString;
+
+/**
+ * @internal
+ */
+final class UrlSanitizer
+{
+    /**
+     * Sanitizes a given URL string.
+     *
+     * In addition to ensuring $input is a valid URL, this sanitizer checks that:
+     *   * the URL's host is allowed ;
+     *   * the URL's scheme is allowed ;
+     *   * the URL is allowed to be relative if it is ;
+     *
+     * It also transforms the URL to HTTPS if requested.
+     */
+    public static function sanitize(?string $input, ?array $allowedSchemes = null, bool $forceHttps = false, ?array $allowedHosts = null, bool $allowRelative = false): ?string
+    {
+        if (!$input) {
+            return null;
+        }
+
+        $url = self::parse($input);
+
+        // Malformed URL
+        if (!$url || !\is_array($url)) {
+            return null;
+        }
+
+        // No scheme and relative not allowed
+        if (!$allowRelative && !$url['scheme']) {
+            return null;
+        }
+
+        // Forbidden scheme
+        if ($url['scheme'] && null !== $allowedSchemes && !\in_array($url['scheme'], $allowedSchemes, true)) {
+            return null;
+        }
+
+        // If the scheme used is not supposed to have a host, do not check the host
+        if (!self::isHostlessScheme($url['scheme'])) {
+            // No host and relative not allowed
+            if (!$allowRelative && !$url['host']) {
+                return null;
+            }
+
+            // Forbidden host
+            if ($url['host'] && null !== $allowedHosts && !self::isAllowedHost($url['host'], $allowedHosts)) {
+                return null;
+            }
+        }
+
+        // Force HTTPS
+        if ($forceHttps && 'http' === $url['scheme']) {
+            $url['scheme'] = 'https';
+        }
+
+        return UriString::build($url);
+    }
+
+    /**
+     * Parses a given URL and returns an array of its components.
+     *
+     * @return null|array{
+     *     scheme:?string,
+     *     user:?string,
+     *     pass:?string,
+     *     host:?string,
+     *     port:?int,
+     *     path:string,
+     *     query:?string,
+     *     fragment:?string
+     * }
+     */
+    public static function parse(string $url): ?array
+    {
+        if (!$url) {
+            return null;
+        }
+
+        try {
+            return UriString::parse($url);
+        } catch (SyntaxError) {
+            return null;
+        }
+    }
+
+    private static function isHostlessScheme(?string $scheme): bool
+    {
+        return \in_array($scheme, ['blob', 'chrome', 'data', 'file', 'geo', 'mailto', 'maps', 'tel', 'view-source'], true);
+    }
+
+    private static function isAllowedHost(?string $host, array $allowedHosts): bool
+    {
+        if (null === $host) {
+            return \in_array(null, $allowedHosts, true);
+        }
+
+        $parts = array_reverse(explode('.', $host));
+
+        foreach ($allowedHosts as $allowedHost) {
+            if (self::matchAllowedHostParts($parts, array_reverse(explode('.', $allowedHost)))) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private static function matchAllowedHostParts(array $uriParts, array $trustedParts): bool
+    {
+        // Check each chunk of the domain is valid
+        foreach ($trustedParts as $key => $trustedPart) {
+            if ($uriParts[$key] !== $trustedPart) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}