Allowing to add multiple style properties per element [CKEditor]

As some CK-Editor addons could include multiple properties for style attribute separated by ";".
Allowed some more style properties and also allowed the multiple style properties per element.
pull/91/head
ahmad-curriki 2020-08-25 15:04:10 +05:00 committed by GitHub
parent 196888bf3e
commit 786eaa4b03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 4 deletions

View File

@ -3633,6 +3633,8 @@ class H5PContentValidator {
$stylePatterns = array(); $stylePatterns = array();
// All styles must be start to end patterns (^...$) // All styles must be start to end patterns (^...$)
if (isset($semantics->font)) { if (isset($semantics->font)) {
$stylePatterns[] = '/^font-style: *(italic|normal|oblique);?$/i'; // allow font-style property
$stylePatterns[] = '/^font-weight: *[0-9.]+;?$/i'; // allow font-weight property
if (isset($semantics->font->size) && $semantics->font->size) { if (isset($semantics->font->size) && $semantics->font->size) {
$stylePatterns[] = '/^font-size: *[0-9.]+(em|px|%) *;?$/i'; $stylePatterns[] = '/^font-size: *[0-9.]+(em|px|%) *;?$/i';
} }
@ -3655,6 +3657,14 @@ class H5PContentValidator {
// Alignment is allowed for all wysiwyg texts // Alignment is allowed for all wysiwyg texts
$stylePatterns[] = '/^text-align: *(center|left|right);?$/i'; $stylePatterns[] = '/^text-align: *(center|left|right);?$/i';
// other necessary style tags - allowing additional tags
$stylePatterns[] = "/^width: *[0-9.]+(px|%) *;?$/i";
$stylePatterns[] = "/^height: *[0-9.]+(px|%) *;?$/i";
$stylePatterns[] = "/^margin: *[0-9.]+(em|px|%)+(\s(#?)([a-z0-9]{3,6})){0,3} *;?$/i";
$stylePatterns[] = "/^padding: *[0-9.]+(em|px|%)+(\s(#?)([a-z0-9]{3,6})){0,3} *;?$/i";
$stylePatterns[] = "/^padding(-(top|bottom|right|left)): *[0-9.]+(em|px|%) *;?$/i";
$stylePatterns[] = "/^margin(-(top|bottom|right|left)): *[0-9.]+(em|px|%) *;?$/i";
$stylePatterns[] = "/^border(-(top|bottom|right|left)|):(\s?)(([0-9.]*)+(em|px|%))+(\s(#?)[a-z0-9]{3,6}){0,2} *;?$/i";
// Strip invalid HTML tags. // Strip invalid HTML tags.
$text = $this->filter_xss($text, $tags, $stylePatterns); $text = $this->filter_xss($text, $tags, $stylePatterns);
@ -4342,14 +4352,23 @@ class H5PContentValidator {
// Attribute value, a URL after href= for instance. // Attribute value, a URL after href= for instance.
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) { if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) {
if ($allowedStyles && $attrName === 'style') { if ($allowedStyles && $attrName === 'style') {
$matches = explode(";", $match[1]); // get all the style properties
// Allow certain styles // Allow certain styles
$styleArr = [];
foreach ($allowedStyles as $pattern) { foreach ($allowedStyles as $pattern) {
if (preg_match($pattern, $match[1])) { foreach ($matches as $match) { // loop through each style property of an element
if (preg_match($pattern, trim($match))) { // add the property in styleArr if exist in allowed style array
// All patterns are start to end patterns, and CKEditor adds one span per style // All patterns are start to end patterns, and CKEditor adds one span per style
$attrArr[] = 'style="' . $match[1] . '"'; // overriding the CKEditor one style per span logic - as some addon might add multiple style attributes per element
break; $styleArr[] = $match;
// break; this break not needed anymore for allowing multiple style properties per element
} }
} }
}
// if style array has some style properties then prepare final style attribute for element
if (!empty($styleArr)) {
$attrArr[] = 'style="' . implode(";", $styleArr) . '"';
}
break; break;
} }