html: Avoid corrupting quoted style attributes

For instance, current this style we be converted as ``` <span style="font-family:'courier new';"> ``` to ``` <span style="font-family:""> ``` Also discard Microsoft Office specific style attributes such as `mso-list` and friends

html: Avoid corrupting quoted style attributes
1f625787 · Jared Hancock · bdfb2f13 · 1f625787
Commit 1f625787 authored 11 years ago by Jared Hancock
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -177,14 +177,16 @@ class Format {
        }
        // Clean browser-specific style attributes
        if (isset($attributes['style'])) {
-            $styles = explode(';', $attributes['style']);
+            $styles = explode(';', html_entity_decode($attributes['style']));
-            foreach ($styles as $i=>$s) {
+            foreach ($styles as $i=>&$s) {
                @list($prop, $val) = explode(':', $s);
-                if (!$val || !$prop || $prop[0] == '-')
+                if (!$val || !$prop || $prop[0] == '-' || substr($prop, 0, 4) == 'mso-')
                    unset($styles[$i]);
+                if (!strpos($val, ' '))
+                    $s = str_replace('"','', $s);
            }
            if ($styles)
-                $attributes['style'] = implode(';', $styles);
+                $attributes['style'] = Format::htmlencode(implode(';', $styles));
            else
                unset($attributes['style']);
        }
@@ -246,7 +248,7 @@ class Format {
    }
    function htmlencode($var) {
-        $flags = ENT_COMPAT | ENT_QUOTES;
+        $flags = ENT_COMPAT;
        if (phpversion() >= '5.4.0')
            $flags |= ENT_HTML401;