From c4e428d59cb8b42cca676beefb0da6bd14ea859e Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Mon, 19 Dec 2016 16:04:58 +0100
Subject: [PATCH] Fixed some sanitizing glitches
---
 .../js/3rdParty/redactor2/plugins/WoltLabClean.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
index 8747166532..abbb5bae0c 100644
--- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
+++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabClean.js
@@ -133,7 +133,7 @@ $.Redactor.prototype.WoltLabClean = function() {
 }
 elBySelAll('span', div, function (span) {
- if (!span.style.length || !span.hasAttribute('style')) {
+ if (!span.hasAttribute('style') || !span.style.length) {
 while (span.childNodes.length) {
 span.parentNode.insertBefore(span.childNodes[0], span);
 }
@@ -154,10 +154,14 @@ $.Redactor.prototype.WoltLabClean = function() {
 }
 // discard classes and styles, they're stripped later on anyway
- p.className = '';
+ p.removeAttribute('class');
 p.removeAttribute('style');
 });
+ elBySelAll('img', div, function (img) {
+ img.removeAttribute('style');
+ });
+
 elBySelAll('br', div, function (br) {
 br.parentNode.insertBefore(document.createTextNode('@@@WOLTLAB-BR-MARKER@@@'), br.nextSibling);
 });
@@ -173,7 +177,7 @@ $.Redactor.prototype.WoltLabClean = function() {
 return '';
 });
- div.innerHTML = html;
+ div.innerHTML = html.replace(/"/g, '"');
 elBySelAll('woltlab-br-marker', div, function (marker) {
 var parent = marker.parentNode;
-- 2.20.1
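Review bot: The reordered condition `!span.hasAttribute('style') || !span.style.length` has no comment explaining why the order matters, and the commit message does not say either. Both operands look like plain reads, so the result should be the same in either order; if the swap works around a browser quirk, that reason belongs next to the line. I would add something like `// check the attribute first: <reason for the ordering>` above the `if`, with the actual reason filled in by the author. The enclosing callback and function continue outside the hunk.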
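Review bot: The new `img` block removes only `style` and carries no comment, whereas the `p` block just above it explains that classes and styles are stripped later on. A reader cannot tell from here whether other attributes on pasted images are handled by that later step or left in place. I would add a comment above the block, for example `// drop inline styles from images; remaining attributes are left to the later cleanup (confirm)`. Because this runs in the editor, it is best read as normalisation, not as the filtering boundary; the stored markup is presumably filtered again elsewhere, but that is not visible in this hunk. The enclosing function starts and ends outside the hunk.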
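Review bot: The `html.replace(...)` on the `div.innerHTML` assignment is applied to the whole serialized string, so it rewrites quotes inside tags and attribute values as well as in text. As displayed, the pattern and the replacement are the same character, which makes the call a no-op; the pattern was probably an HTML entity for the double quote that the page rendering decoded, which should be confirmed against the repository. If so, an escaped quote inside an attribute value becomes a literal one before parsing and ends the attribute early, so the rest of the value is parsed as markup, which works against the cleaning this plugin performs on pasted content. The HTML parser already decodes entities in text, so the earlier `div.innerHTML = html;` should yield the same text nodes; if a literal quote is needed afterwards, apply the replacement to text nodes after parsing, not to the string. The enclosing function starts and ends outside the hunk.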