Fixed some sanitizing glitches

author Alexander Ebert <ebert@woltlab.com>

Mon, 19 Dec 2016 15:04:58 +0000 (16:04 +0100)

committer Alexander Ebert <ebert@woltlab.com>

Mon, 19 Dec 2016 15:05:22 +0000 (16:05 +0100)
author Alexander Ebert <ebert@woltlab.com>
Mon, 19 Dec 2016 15:04:58 +0000 (16:04 +0100)
committer Alexander Ebert <ebert@woltlab.com>
Mon, 19 Dec 2016 15:05:22 +0000 (16:05 +0100)
diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js

index 8747166532cff912e13925a79b8588b1b2993547..abbb5bae0c474cdffcc370f404ffdae764147613 100644 (file)
--- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
+++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
@@ -133,7 +133,7 @@ $.Redactor.prototype.WoltLabClean = function() {
                                 }
                                 
                                 elBySelAll('span', div, function (span) {
-                                       if (!span.style.length || !span.hasAttribute('style')) {
+                                       if (!span.hasAttribute('style') || !span.style.length) {
                                                 while (span.childNodes.length) {
                                                         span.parentNode.insertBefore(span.childNodes[0], span);
                                                 }
@@ -154,10 +154,14 @@ $.Redactor.prototype.WoltLabClean = function() {
                                         }
                                         
                                         // discard classes and styles, they're stripped later on anyway
-                                       p.className = '';
+                                       p.removeAttribute('class');
                                         p.removeAttribute('style');
                                 });
                                 
+                               elBySelAll('img', div, function (img) {
+                                       img.removeAttribute('style');
+                               });
+                               
                                 elBySelAll('br', div, function (br) {
                                         br.parentNode.insertBefore(document.createTextNode('@@@WOLTLAB-BR-MARKER@@@'), br.nextSibling);
                                 });
@@ -173,7 +177,7 @@ $.Redactor.prototype.WoltLabClean = function() {
                                         return '';
                                 });
                                 
-                               div.innerHTML = html;
+                               div.innerHTML = html.replace(/&amp;quot;/g, '&quot;');
                                 
                                 elBySelAll('woltlab-br-marker', div, function (marker) {
                                         var parent = marker.parentNode;
author	Alexander Ebert <ebert@woltlab.com>
	Mon, 19 Dec 2016 15:04:58 +0000 (16:04 +0100)
committer	Alexander Ebert <ebert@woltlab.com>
	Mon, 19 Dec 2016 15:05:22 +0000 (16:05 +0100)