From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 8 Apr 2020 12:47:30 +0000 (+0200)
Subject: Specify HTML.Doctype as HTML 4 Strict for HTML Purifier
X-Git-Tag: 3.0.24~5^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=05fd92660a268fb05ca05776d81fa68fcdfe7879;p=GitHub%2FWoltLab%2FWCF.git

Specify HTML.Doctype as HTML 4 Strict for HTML Purifier

Not setting a Doctype defaults to HTML 4 Transitional, allowing legacy
tags. HTML 4 Strict will attempt to convert them into a standards compliant
format.

HTML Purifier does not support the HTML 5 Doctype as a readily available
configuration.

Before:

    string '<p><font size="6">This is some text!</font></p>' (length=47)

After:

    string '<p><span style="font-size:xx-large;">This is some text!</span></p>' (length=66)
---

diff --git a/wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php b/wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php
index f8d6849798..a56d07032e 100644
--- a/wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php
+++ b/wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php
@@ -52,6 +52,7 @@ class MessageHtmlInputFilter implements IHtmlInputFilter {
 			
 			$config->set('CSS.AllowedProperties', ['color', 'font-family', 'font-size']);
 			$config->set('HTML.ForbiddenAttributes', ['*@lang', '*@xml:lang']);
+			$config->set('HTML.Doctype', 'HTML 4.01 Strict');
 			
 			$allowedSchemes = $config->get('URI.AllowedSchemes');
 			$allowedSchemes['ts3server'] = true;