Specify HTML.Doctype as HTML 4 Strict for HTML Purifier
author Tim Düsterhus <duesterhus@woltlab.com>
Wed, 8 Apr 2020 12:47:30 +0000 (14:47 +0200)
committer Tim Düsterhus <duesterhus@woltlab.com>
Wed, 8 Apr 2020 12:53:15 +0000 (14:53 +0200)
Not setting a Doctype defaults to HTML 4 Transitional, allowing legacy
tags. HTML 4 Strict will attempt to convert them into a standards-compliant
format.

HTML Purifier does not support the HTML 5 Doctype as a readily available
configuration.

Before:

    string '<p><font size="6">This is some text!</font></p>' (length=47)

After:

    string '<p><span style="font-size:xx-large;">This is some text!</span></p>' (length=66)

wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php

index f8d68497985cab39e3a674ed04bce79fdea50310..a56d07032ee7ad5a70c01d053ab620fd5816182c 100644 (file)
@@ -52,6 +52,7 @@ class MessageHtmlInputFilter implements IHtmlInputFilter {
                        
                        $config->set('CSS.AllowedProperties', ['color', 'font-family', 'font-size']);
                        $config->set('HTML.ForbiddenAttributes', ['*@lang', '*@xml:lang']);
+                       $config->set('HTML.Doctype', 'HTML 4.01 Strict');
                        
                        $allowedSchemes = $config->get('URI.AllowedSchemes');
                        $allowedSchemes['ts3server'] = true;
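
Review bot: The added `$config->set('HTML.Doctype', 'HTML 4.01 Strict');` line has no comment explaining why Strict is chosen, so the rationale (an unset doctype falls back to HTML 4 Transitional, and no HTML 5 doctype is readily available) lives only in the commit message; a one-line comment above the call would keep it next to the code. The converted output shown in the commit message is a `font-size` inline style, which depends on `font-size` staying in the `CSS.AllowedProperties` list two lines above, so a test asserting the before/after pair from the commit message would catch a later change to either setting that silently drops the styling.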