minor #46062 [HtmlSanitizer] Add HtmlSanitizerConfig::withMaxInputLength() (nicolas-grekas)

This PR was merged into the 6.1 branch.

Discussion
----------

[HtmlSanitizer] Add HtmlSanitizerConfig::withMaxInputLength()

| Q             | A
| ------------- | ---
| Branch?       | 6.1
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #symfony/symfony#44798 (review)
| License       | MIT
| Doc PR        | -

Commits
-------

070f2cfc03 [HtmlSanitizer] Add HtmlSanitizerConfig::withMaxInputLength()

Author: fabpot

HtmlSanitizer.php

@@ -25,18 +25,16 @@
 final class HtmlSanitizer implements HtmlSanitizerInterface
 {
     private HtmlSanitizerConfig $config;
-    private int $maxInputLength;
     private ParserInterface $parser;
 
     /**
      * @var array<string, DomVisitor>
      */
     private array $domVisitors = [];
 
-    public function __construct(HtmlSanitizerConfig $config, int $maxInputLength = 20000, ParserInterface $parser = null)
+    public function __construct(HtmlSanitizerConfig $config, ParserInterface $parser = null)
     {
         $this->config = $config;
-        $this->maxInputLength = $maxInputLength;
         $this->parser = $parser ?? new MastermindsParser();
     }
 
@@ -64,8 +62,8 @@ private function sanitizeWithContext(string $context, string $input): string
         $this->domVisitors[$context] ??= $this->createDomVisitorForContext($context);
 
         // Prevent DOS attack induced by extremely long HTML strings
-        if (\strlen($input) > $this->maxInputLength) {
-            $input = substr($input, 0, $this->maxInputLength);
+        if (\strlen($input) > $this->config->getMaxInputLength()) {
+            $input = substr($input, 0, $this->config->getMaxInputLength());
         }
 
         // Only operate on valid UTF-8 strings. This is necessary to prevent cross

HtmlSanitizerConfig.php

@@ -92,6 +92,8 @@ class HtmlSanitizerConfig
      */
     private array $attributeSanitizers;
 
+    private int $maxInputLength = 20_000;
+
     public function __construct()
     {
         $this->attributeSanitizers = [
@@ -405,6 +407,19 @@ public function withoutAttributeSanitizer(AttributeSanitizerInterface $sanitizer
         return $clone;
     }
 
+    public function withMaxInputLength(int $maxInputLength): static
+    {
+        $clone = clone $this;
+        $clone->maxInputLength = $maxInputLength;
+
+        return $clone;
+    }
+
+    public function getMaxInputLength(): int
+    {
+        return $this->maxInputLength;
+    }
+
     /**
      * @return array<string, array<string, true>>
      */