před 1 rokem · 82f860d8e4
--- a/composer.lock
+++ b/composer.lock
@@ -4517,16 +4517,16 @@
 
				         },
			
 
				         {
			
 
				             "name": "symfony/html-sanitizer",
			
 
				-            "version": "v6.1.0",
			
 
				+            "version": "v6.1.11",
			
 
				             "source": {
			
 
				                 "type": "git",
			
 
				                 "url": "https://github.com/symfony/html-sanitizer.git",
			
 
				-                "reference": "28d19124099e860ef52da06ae251e37738b750fe"
			
 
				+                "reference": "9f7eb169f929b6f75fee7218a128856a63694cc6"
			
 
				             },
			
 
				             "dist": {
			
 
				                 "type": "zip",
			
 
				-                "url": "https://api.github.com/repos/symfony/html-sanitizer/zipball/28d19124099e860ef52da06ae251e37738b750fe",
			
 
				-                "reference": "28d19124099e860ef52da06ae251e37738b750fe",
			
 
				+                "url": "https://api.github.com/repos/symfony/html-sanitizer/zipball/9f7eb169f929b6f75fee7218a128856a63694cc6",
			
 
				+                "reference": "9f7eb169f929b6f75fee7218a128856a63694cc6",
			
 
				                 "shasum": ""
			
 
				             },
			
 
				             "require": {
			
@@ -4566,7 +4566,7 @@
 
				                 "sanitizer"
			
 
				             ],
			
 
				             "support": {
			
 
				-                "source": "https://github.com/symfony/html-sanitizer/tree/v6.1.0"
			
 
				+                "source": "https://github.com/symfony/html-sanitizer/tree/v6.1.11"
			
 
				             },
			
 
				             "funding": [
			
 
				                 {
			
@@ -4582,7 +4582,7 @@
 
				                     "type": "tidelift"
			
 
				                 }
			
 
				             ],
			
 
				-            "time": "2022-05-06T15:18:34+00:00"
			
 
				+            "time": "2023-01-01T08:37:24+00:00"
			
 
				         },
			
 
				         {
			
 
				             "name": "symfony/http-client",
			
--- a/src/Service/CommentaireManager.php
+++ b/src/Service/CommentaireManager.php
@@ -26,7 +26,6 @@ class CommentaireManager {
 
				 
			
 
				     public function addCommentaire (Commentaire $commentaire, Film $film): void
			
 
				     {
			
 
				-        $commentaire->setContenu(htmlspecialchars($commentaire->getContenu()));
			
 
				         $commentaire->setUser($this->user);
			
 
				         $commentaire->setFilm(($film));
			
 
				         $film->addCommentaire($commentaire);
			
@@ -36,7 +35,6 @@ class CommentaireManager {
 
				 
			
 
				     public function editCommentaire(Commentaire $commentaire): void
			
 
				     {
			
 
				-        $commentaire->setContenu(htmlspecialchars($commentaire->getContenu()));
			
 
				         $this->em->flush();
			
 
				     }
			
 
				 
			
--- a/templates/videotheque/voirfilm.html.twig
+++ b/templates/videotheque/voirfilm.html.twig
@@ -174,7 +174,7 @@
 
				                                            value="{{ commentaire.note }}">
			
 
				                                 {% endif %}
			
 
				                                 {% if commentaire.contenu != "" %}
			
 
				-                                    <p>{{ commentaire.contenu | show_links | raw | nl2br }}</p>
			
 
				+                                    <p>{{ commentaire.contenu | show_links | raw | sanitize_html | nl2br }}</p>
			
 
				                                 {%  endif %}
			
 
				                             </div>
			
 
				                         {% endfor %}