From: Alexander Ebert
Date: Mon, 19 Dec 2016 15:04:58 +0000 (+0100)
Subject: Fixed some sanitizing glitches
X-Git-Tag: 3.0.0_RC_2~15
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c4e428d59cb8b42cca676beefb0da6bd14ea859e;p=GitHub%2FWoltLab%2FWCF.git

Fixed some sanitizing glitches
---
diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
index 8747166532..abbb5bae0c 100644
--- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
+++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
@@ -133,7 +133,7 @@ $.Redactor.prototype.WoltLabClean = function() {
 }
 elBySelAll('span', div, function (span) {
- if (!span.style.length || !span.hasAttribute('style')) {
+ if (!span.hasAttribute('style') || !span.style.length) {
 while (span.childNodes.length) {
 span.parentNode.insertBefore(span.childNodes[0], span);
 }
@@ -154,10 +154,14 @@ $.Redactor.prototype.WoltLabClean = function() {
 }
 // discard classes and styles, they're stripped later on anyway
- p.className = '';
+ p.removeAttribute('class');
 p.removeAttribute('style');
 });
+ elBySelAll('img', div, function (img) {
+ img.removeAttribute('style');
+ });
+
 elBySelAll('br', div, function (br) {
 br.parentNode.insertBefore(document.createTextNode('@@@WOLTLAB-BR-MARKER@@@'), br.nextSibling);
 });
@@ -173,7 +177,7 @@ $.Redactor.prototype.WoltLabClean = function() {
 return '';
 });
- div.innerHTML = html;
+ div.innerHTML = html.replace(/"/g, '"');
 elBySelAll('woltlab-br-marker', div, function (marker) {
 var parent = marker.parentNode;
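Review bot: The new `img` pass in the second hunk (`@@ -154,10 +154,14 @@`) removes only `style`, and nothing explains why `class` and the other attributes stay when the `p` pass just above drops both `class` and `style`. If the later strip step named in the existing comment is what handles the remaining image attributes, say so next to the loop, e.g. `// inline styles on pasted images are dropped here; remaining attributes are left to the later sanitizing step`. That later step is not visible in this hunk, so this is inferred; as editor-side cleanup, this loop should not be the only filter applied to pasted image attributes.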
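Review bot: On the `div.innerHTML = html.replace(...)` line in the third hunk (`@@ -173,7 +177,7 @@`), the pattern and the replacement both read as a bare `"` on this page, which would be a no-op; presumably an HTML entity on one side was decoded when the page was rendered. If the real call turns an encoded quote back into a literal `"`, it runs over the whole serialized string just before it is re-parsed by `innerHTML`, so an encoded quote inside an attribute value would end that attribute early and let the remainder be parsed as further attributes. The line needs a comment stating the intended direction and why attribute values cannot contain the sequence at this point, e.g. `// only text-node quotes are encoded at this point; attribute values never contain the entity because …`, or the decoding should be applied to text nodes after parsing rather than to the markup string. The enclosing function starts and ends outside the hunk, so the origin of `html` cannot be confirmed from here.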