Merge branch 'release'
Frode Petterson
commit
ac96408bc9
|
|
@ -1649,6 +1649,7 @@ class H5PCore {
|
|||
const DISABLE_EMBED = 4;
|
||||
const DISABLE_COPYRIGHT = 8;
|
||||
const DISABLE_ABOUT = 16;
|
||||
const DISABLE_ALL = 31;
|
||||
|
||||
// Map flags to string
|
||||
public static $disable = array(
|
||||
|
|
@ -2560,8 +2561,26 @@ class H5PContentValidator {
|
|||
if (in_array('del', $tags) || in_array('strike', $tags) && ! in_array('s', $tags)) {
|
||||
$tags[] = 's';
|
||||
}
|
||||
|
||||
// Determine allowed style tags
|
||||
$stylePatterns = array();
|
||||
if (isset($semantics->font)) {
|
||||
if (isset($semantics->font->size) && $semantics->font->size) {
|
||||
$stylePatterns[] = '/^font-size: *[0-9.]+(em|px|%) *;?$/i';
|
||||
}
|
||||
if (isset($semantics->font->family) && $semantics->font->family) {
|
||||
$stylePatterns[] = '/^font-family: *[a-z0-9," ]+;?$/i';
|
||||
}
|
||||
if (isset($semantics->font->color) && $semantics->font->color) {
|
||||
$stylePatterns[] = '/^color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
|
||||
}
|
||||
if (isset($semantics->font->background) && $semantics->font->background) {
|
||||
$stylePatterns[] = '/^background-color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
|
||||
}
|
||||
}
|
||||
|
||||
// Strip invalid HTML tags.
|
||||
$text = $this->filter_xss($text, $tags);
|
||||
$text = $this->filter_xss($text, $tags, $stylePatterns);
|
||||
}
|
||||
else {
|
||||
// Filter text to plain text.
|
||||
|
|
@ -2984,7 +3003,7 @@ class H5PContentValidator {
|
|||
*
|
||||
* @ingroup sanitization
|
||||
*/
|
||||
private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
|
||||
private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'), $allowedStyles = FALSE) {
|
||||
if (strlen($string) == 0) {
|
||||
return $string;
|
||||
}
|
||||
|
|
@ -2995,6 +3014,8 @@ class H5PContentValidator {
|
|||
return '';
|
||||
}
|
||||
|
||||
$this->allowedStyles = $allowedStyles;
|
||||
|
||||
// Store the text format.
|
||||
$this->_filter_xss_split($allowed_tags, TRUE);
|
||||
// Remove NULL characters (ignored by some browsers).
|
||||
|
|
@ -3088,7 +3109,7 @@ class H5PContentValidator {
|
|||
$xhtml_slash = $count ? ' /' : '';
|
||||
|
||||
// Clean up attributes.
|
||||
$attr2 = implode(' ', $this->_filter_xss_attributes($attrlist));
|
||||
$attr2 = implode(' ', $this->_filter_xss_attributes($attrlist, ($elem === 'span' ? $this->allowedStyles : FALSE)));
|
||||
$attr2 = preg_replace('/[<>]/', '', $attr2);
|
||||
$attr2 = strlen($attr2) ? ' ' . $attr2 : '';
|
||||
|
||||
|
|
@ -3101,7 +3122,7 @@ class H5PContentValidator {
|
|||
* @return
|
||||
* Cleaned up version of the HTML attributes.
|
||||
*/
|
||||
private function _filter_xss_attributes($attr) {
|
||||
private function _filter_xss_attributes($attr, $allowedStyles = FALSE) {
|
||||
$attrarr = array();
|
||||
$mode = 0;
|
||||
$attrname = '';
|
||||
|
|
@ -3141,6 +3162,17 @@ class H5PContentValidator {
|
|||
case 2:
|
||||
// Attribute value, a URL after href= for instance.
|
||||
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) {
|
||||
if ($allowedStyles && $attrname === 'style') {
|
||||
// Allow certain styles
|
||||
foreach ($allowedStyles as $pattern) {
|
||||
if (preg_match($pattern, $match[1])) {
|
||||
$attrarr[] = 'style="' . $match[1] . '"';
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
$thisval = $this->filter_xss_bad_protocol($match[1]);
|
||||
|
||||
if (!$skip) {
|
||||
|
|
|
|||
15
js/h5p.js
15
js/h5p.js
|
|
@ -774,7 +774,7 @@ H5P.newRunnable = function (library, contentId, $attachTo, skipResize, extras) {
|
|||
*/
|
||||
H5P.error = function (err) {
|
||||
if (window.console !== undefined && console.error !== undefined) {
|
||||
console.error(err);
|
||||
console.error(err.stack ? err.stack : err);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
@ -883,10 +883,17 @@ H5P.getCopyrights = function (instance, parameters, contentId) {
|
|||
var copyrights;
|
||||
|
||||
if (instance.getCopyrights !== undefined) {
|
||||
// Use the instance's own copyright generator
|
||||
copyrights = instance.getCopyrights();
|
||||
try {
|
||||
// Use the instance's own copyright generator
|
||||
copyrights = instance.getCopyrights();
|
||||
}
|
||||
catch (err) {
|
||||
// Failed, prevent crashing page.
|
||||
H5P.error(err);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
if (copyrights === undefined) {
|
||||
// Create a generic flat copyright list
|
||||
copyrights = new H5P.ContentCopyrights();
|
||||
H5P.findCopyrights(copyrights, parameters, contentId);
|
||||
|
|
|
|||
Loading…
Reference in New Issue