Skip to content
Snippets Groups Projects
Commit 1f625787 authored by Jared Hancock's avatar Jared Hancock
Browse files

html: Avoid corrupting quoted style attributes

For instance, current this style we be converted as
```
<span style="font-family:'courier new';">
```
to
```
<span style="font-family:&quot;">
```

Also discard Microsoft Office specific style attributes such as `mso-list`
and friends
parent bdfb2f13
No related branches found
No related tags found
No related merge requests found
...@@ -177,14 +177,16 @@ class Format { ...@@ -177,14 +177,16 @@ class Format {
} }
// Clean browser-specific style attributes // Clean browser-specific style attributes
if (isset($attributes['style'])) { if (isset($attributes['style'])) {
$styles = explode(';', $attributes['style']); $styles = explode(';', html_entity_decode($attributes['style']));
foreach ($styles as $i=>$s) { foreach ($styles as $i=>&$s) {
@list($prop, $val) = explode(':', $s); @list($prop, $val) = explode(':', $s);
if (!$val || !$prop || $prop[0] == '-') if (!$val || !$prop || $prop[0] == '-' || substr($prop, 0, 4) == 'mso-')
unset($styles[$i]); unset($styles[$i]);
if (!strpos($val, ' '))
$s = str_replace('"','', $s);
} }
if ($styles) if ($styles)
$attributes['style'] = implode(';', $styles); $attributes['style'] = Format::htmlencode(implode(';', $styles));
else else
unset($attributes['style']); unset($attributes['style']);
} }
...@@ -246,7 +248,7 @@ class Format { ...@@ -246,7 +248,7 @@ class Format {
} }
function htmlencode($var) { function htmlencode($var) {
$flags = ENT_COMPAT | ENT_QUOTES; $flags = ENT_COMPAT;
if (phpversion() >= '5.4.0') if (phpversion() >= '5.4.0')
$flags |= ENT_HTML401; $flags |= ENT_HTML401;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment