From 860a1f6836e7c22225868b3ed690d98dd7d069fd Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Thu, 22 Sep 2016 20:06:02 +0200 Subject: [PATCH] Fixed handling of `` --- .../input/node/HtmlInputNodeProcessor.class.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeProcessor.class.php b/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeProcessor.class.php index d841eeb6dc..2cb79cbe92 100644 --- a/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeProcessor.class.php +++ b/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeProcessor.class.php @@ -29,7 +29,12 @@ class HtmlInputNodeProcessor extends AbstractHtmlNodeProcessor { // built-in 'smiley', 'woltlabAttachment', 'woltlabSuiteMedia' ], - 'p' => [ + 'p' => 'text', + 'td' => 'text', + + // not a valid tag, used for elements that are used to wrap text + // content such as

or , avoid duplicate declarations + 'text' => [ // text alignment 'text-center', 'text-justify', 'text-right', @@ -95,13 +100,16 @@ class HtmlInputNodeProcessor extends AbstractHtmlNodeProcessor { // strip invalid class names /** @var \DOMElement $element */ - $before = htmlentities($this->getHtml()); foreach ($this->getXPath()->query('//*[@class]') as $element) { $nodeName = $element->nodeName; if (isset(self::$allowedClassNames[$nodeName])) { $classNames = explode(' ', $element->getAttribute('class')); $classNames = array_filter($classNames, function ($className) use ($nodeName) { - return ($className && in_array($className, self::$allowedClassNames[$nodeName])); + if (self::$allowedClassNames[$nodeName] === 'text') { + return ($className && in_array($className, self::$allowedClassNames['text'])); + } + + return ($className && in_array($className, self::$allowedClassNames[$nodeName])); }); if (!empty($classNames)) { -- 2.20.1