menu.html.twig: avoid rendering empty style attribute in menu badges …#7510
Open
bt-nn wants to merge 2 commits intoEasyCorp:5.xfrom
Open
menu.html.twig: avoid rendering empty style attribute in menu badges …#7510bt-nn wants to merge 2 commits intoEasyCorp:5.xfrom
bt-nn wants to merge 2 commits intoEasyCorp:5.xfrom
Conversation
…(CSP compatibility) EasyAdmin always rendered a `style` attribute for menu item badges, even when `item.badge.htmlStyle` was empty. This produced `style=""`, which still counts as inline CSS and violates strict Content Security Policies (CSP) that do not allow `unsafe-inline`. The style attribute is now only rendered when a non-empty value is provided.
Seb33300
reviewed
Mar 19, 2026
| </span> | ||
| {% if item.badge %} | ||
| <span class="menu-item-badge rounded-pill badge {{ item.badge.cssClass }}" {{ _self.render_html_attributes(item.badge) }} style="{{ item.badge.htmlStyle }}">{{ item.badge.content }}</span> | ||
| <span class="menu-item-badge rounded-pill badge {{ item.badge.cssClass }}" {{ _self.render_html_attributes(item.badge) }} {{ item.badge.htmlStyle ? 'style="' ~ item.badge.htmlStyle ~ '"' : '' }}">{{ item.badge.content }}</span> |
Contributor
There was a problem hiding this comment.
cant we just rename htmlStyle to style, so this attribute will be rendered by render_html_attributes()?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…(CSP compatibility)
EasyAdmin always rendered a
styleattribute for menu item badges, even whenitem.badge.htmlStylewas empty. This producedstyle="", which still counts as inline CSS and violates strict Content Security Policies (CSP) that do not allowunsafe-inline.The style attribute is now only rendered when a non-empty value is provided.