From: Alan
Date: Tue, 31 Aug 2021 02:29:01 +0000 (+0800)
Subject: make css whitelist case insensitive due to stripo using Margin?
X-Git-Url: http://git.roojs.org/?p=roojs1;a=commitdiff_plain;h=cce6200387f9295f6e8c6e909857c5f8e214200b
make css whitelist case insensitive due to stripo using Margin?
---
diff --git a/docs/src/Roo_HtmlEditorCore.js.html b/docs/src/Roo_HtmlEditorCore.js.html
index bb979c3b62..deec45854c 100644
--- a/docs/src/Roo_HtmlEditorCore.js.html
+++ b/docs/src/Roo_HtmlEditorCore.js.html
@@ -1132,7 +1132,7 @@
 }
 //Roo.log()
 // only allow 'c whitelisted system attributes'
- if ( cwhite.length && cwhite.indexOf(l) < 0) {
+ if ( cwhite.length && cwhite.indexOf(l) < 0 && cwhite.indexOf(l.toLowerCase()) < 0 ) {
 // Roo.log('(REMOVE CSS)' + node.tagName +'.' + n + ':'+l + '=' + v);
 //node.removeAttribute(n);
 return true;
diff --git a/roojs-all.js b/roojs-all.js
index 77ec27812b..036d8f8a11 100644
--- a/roojs-all.js
+++ b/roojs-all.js
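Review bot: The widened test `cwhite.indexOf(l.toLowerCase()) < 0` makes only one of the two list checks case-insensitive: the blacklist test that the minified builds show immediately before it (`E.indexOf(l)>-1` in roojs-all.js, where `E` is `this.cblack`) still compares the property name exactly as written. When the whitelist is non-empty, a mixed-case name that used to be dropped by the whitelist now passes it without ever being compared to the blacklist in lower case, which matters if any name is covered by both lists. Normalising once before both tests keeps them in agreement, for example `var lc = l.toLowerCase();` and then `cblack.indexOf(lc) > -1` and `cwhite.indexOf(lc) < 0`, assuming both lists hold lower-case entries. The same condition is repeated in the roojs-bootstrap-debug.js, roojs-debug.js and roojs-ui-debug.js hunks and, minified, in roojs-all.js, roojs-bootstrap.js and roojs-ui.js; the enclosing function starts and ends outside the hunk.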
@@ -1868,8 +1868,8 @@ i>-1;i--){this.cleanUpChild(n.childNodes[i]);}},cleanUpChild:function(A){var ed= return;}var C=Roo.HtmlEditorCore.remove.indexOf(A.tagName.toLowerCase())>-1;if((!A.attributes||!A.attributes.length)&&B=='span'){C=true;}if(C){this.cleanUpChildren(A);while(A.childNodes.length){var cn=A.childNodes[0];A.removeChild(cn);A.parentNode.insertBefore(cn,A); }A.parentNode.removeChild(A);return;}if(!A.attributes||!A.attributes.length){this.cleanUpChildren(A);return;}function cleanAttr(n,v){if(v.match(/^\./)||v.match(/^\//)){return;}if(v.match(/^(http|https):\/\//)||v.match(/^mailto:/)||v.match(/^ftp:/)){return; }if(v.match(/^#/)){return;}if(v.match(/^\{/)){return;}A.removeAttribute(n);}var D=this.cwhite;var E=this.cblack;function cleanStyle(n,v){if(v.match(/expression/)){A.removeAttribute(n);return;}var F=v.split(/;/);var G=[];Roo.each(F,function(p){p=p.replace(/^\s+/g,'').replace(/\s+$/g,''); -if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0){return true;}G.push(p);return true;});if(G.length){A.setAttribute(n,G.join(';')); -}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); +if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0&&D.indexOf(l.toLowerCase())<0){return true;}G.push(p);return true;} +);if(G.length){A.setAttribute(n,G.join(';'));}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var 
a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); continue;}if(Roo.HtmlEditorCore.aclean.indexOf(a.name.toLowerCase())>-1){cleanAttr(a.name,a.value);continue;}if(a.name=='style'){cleanStyle(a.name,a.value);continue;}if(a.name=='class'){if(a.value.match(/^Mso/)){A.removeAttribute('class');}if(a.value.match(/^body$/)){A.removeAttribute('class'); }continue;}}this.cleanUpChildren(A);},cleanWord:function(A){if(!A){this.cleanWord(this.doc.body);return;}if(A.nodeName=='SPAN'&&!A.hasAttributes()&&A.childNodes.length==1&&A.firstChild.nodeName=="#text"){var B=A.firstChild;A.removeChild(B);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A); }A.parentNode.insertBefore(B,A);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A);}A.parentNode.removeChild(A);}if(A.nodeName=="#text"){return;}if(A.nodeName=="#comment"){A.parentNode.removeChild(A);return;
diff --git a/roojs-bootstrap-debug.js b/roojs-bootstrap-debug.js
index 8f61342c18..9f8bb00f5c 100644
--- a/roojs-bootstrap-debug.js
+++ b/roojs-bootstrap-debug.js
@@ -27111,7 +27111,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, {
 }
 //Roo.log()
 // only allow 'c whitelisted system attributes'
- if ( cwhite.length && cwhite.indexOf(l) < 0) {
+ if ( cwhite.length && cwhite.indexOf(l) < 0 && cwhite.indexOf(l.toLowerCase()) < 0 ) {
 // Roo.log('(REMOVE CSS)' + node.tagName +'.' + n + ':'+l + '=' + v);
 //node.removeAttribute(n);
 return true;
diff --git a/roojs-bootstrap.js b/roojs-bootstrap.js
index e7d2616235..29f8231ecd 100644
--- a/roojs-bootstrap.js
+++ b/roojs-bootstrap.js
@@ -1149,8 +1149,8 @@ i>-1;i--){this.cleanUpChild(n.childNodes[i]);}},cleanUpChild:function(A){var ed= return;}var C=Roo.HtmlEditorCore.remove.indexOf(A.tagName.toLowerCase())>-1;if((!A.attributes||!A.attributes.length)&&B=='span'){C=true;}if(C){this.cleanUpChildren(A);while(A.childNodes.length){var cn=A.childNodes[0];A.removeChild(cn);A.parentNode.insertBefore(cn,A); }A.parentNode.removeChild(A);return;}if(!A.attributes||!A.attributes.length){this.cleanUpChildren(A);return;}function cleanAttr(n,v){if(v.match(/^\./)||v.match(/^\//)){return;}if(v.match(/^(http|https):\/\//)||v.match(/^mailto:/)||v.match(/^ftp:/)){return; }if(v.match(/^#/)){return;}if(v.match(/^\{/)){return;}A.removeAttribute(n);}var D=this.cwhite;var E=this.cblack;function cleanStyle(n,v){if(v.match(/expression/)){A.removeAttribute(n);return;}var F=v.split(/;/);var G=[];Roo.each(F,function(p){p=p.replace(/^\s+/g,'').replace(/\s+$/g,''); -if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0){return true;}G.push(p);return true;});if(G.length){A.setAttribute(n,G.join(';')); -}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); +if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0&&D.indexOf(l.toLowerCase())<0){return true;}G.push(p);return true;} +);if(G.length){A.setAttribute(n,G.join(';'));}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var 
a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); continue;}if(Roo.HtmlEditorCore.aclean.indexOf(a.name.toLowerCase())>-1){cleanAttr(a.name,a.value);continue;}if(a.name=='style'){cleanStyle(a.name,a.value);continue;}if(a.name=='class'){if(a.value.match(/^Mso/)){A.removeAttribute('class');}if(a.value.match(/^body$/)){A.removeAttribute('class'); }continue;}}this.cleanUpChildren(A);},cleanWord:function(A){if(!A){this.cleanWord(this.doc.body);return;}if(A.nodeName=='SPAN'&&!A.hasAttributes()&&A.childNodes.length==1&&A.firstChild.nodeName=="#text"){var B=A.firstChild;A.removeChild(B);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A); }A.parentNode.insertBefore(B,A);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A);}A.parentNode.removeChild(A);}if(A.nodeName=="#text"){return;}if(A.nodeName=="#comment"){A.parentNode.removeChild(A);return;
diff --git a/roojs-debug.js b/roojs-debug.js
index 8d917e931d..7b48a1d09f 100644
--- a/roojs-debug.js
+++ b/roojs-debug.js
@@ -45546,7 +45546,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, {
 }
 //Roo.log()
 // only allow 'c whitelisted system attributes'
- if ( cwhite.length && cwhite.indexOf(l) < 0) {
+ if ( cwhite.length && cwhite.indexOf(l) < 0 && cwhite.indexOf(l.toLowerCase()) < 0 ) {
 // Roo.log('(REMOVE CSS)' + node.tagName +'.' + n + ':'+l + '=' + v);
 //node.removeAttribute(n);
 return true;
diff --git a/roojs-ui-debug.js b/roojs-ui-debug.js
index c74dbd35a1..724119abf9 100644
--- a/roojs-ui-debug.js
+++ b/roojs-ui-debug.js
@@ -21675,7 +21675,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, {
 }
 //Roo.log()
 // only allow 'c whitelisted system attributes'
- if ( cwhite.length && cwhite.indexOf(l) < 0) {
+ if ( cwhite.length && cwhite.indexOf(l) < 0 && cwhite.indexOf(l.toLowerCase()) < 0 ) {
 // Roo.log('(REMOVE CSS)' + node.tagName +'.' + n + ':'+l + '=' + v);
 //node.removeAttribute(n);
 return true;
diff --git a/roojs-ui.js b/roojs-ui.js
index e026b75a0e..2480ad2810 100644
--- a/roojs-ui.js
+++ b/roojs-ui.js
@@ -947,8 +947,8 @@ i>-1;i--){this.cleanUpChild(n.childNodes[i]);}},cleanUpChild:function(A){var ed= return;}var C=Roo.HtmlEditorCore.remove.indexOf(A.tagName.toLowerCase())>-1;if((!A.attributes||!A.attributes.length)&&B=='span'){C=true;}if(C){this.cleanUpChildren(A);while(A.childNodes.length){var cn=A.childNodes[0];A.removeChild(cn);A.parentNode.insertBefore(cn,A); }A.parentNode.removeChild(A);return;}if(!A.attributes||!A.attributes.length){this.cleanUpChildren(A);return;}function cleanAttr(n,v){if(v.match(/^\./)||v.match(/^\//)){return;}if(v.match(/^(http|https):\/\//)||v.match(/^mailto:/)||v.match(/^ftp:/)){return; }if(v.match(/^#/)){return;}if(v.match(/^\{/)){return;}A.removeAttribute(n);}var D=this.cwhite;var E=this.cblack;function cleanStyle(n,v){if(v.match(/expression/)){A.removeAttribute(n);return;}var F=v.split(/;/);var G=[];Roo.each(F,function(p){p=p.replace(/^\s+/g,'').replace(/\s+$/g,''); -if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0){return true;}G.push(p);return true;});if(G.length){A.setAttribute(n,G.join(';')); -}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); +if(!p.length){return true;}var l=p.split(':').shift().replace(/\s+/g,'');l=l.replace(/^\s+/g,'').replace(/\s+$/g,'');if(D.length&&E.indexOf(l)>-1){return true;}if(D.length&&D.indexOf(l)<0&&D.indexOf(l.toLowerCase())<0){return true;}G.push(p);return true;} +);if(G.length){A.setAttribute(n,G.join(';'));}else{A.removeAttribute(n);}}for(var i=A.attributes.length-1;i>-1;i--){var 
a=A.attributes[i];if(a.name.toLowerCase().substr(0,2)=='on'){A.removeAttribute(a.name);continue;}if(Roo.HtmlEditorCore.ablack.indexOf(a.name.toLowerCase())>-1){A.removeAttribute(a.name); continue;}if(Roo.HtmlEditorCore.aclean.indexOf(a.name.toLowerCase())>-1){cleanAttr(a.name,a.value);continue;}if(a.name=='style'){cleanStyle(a.name,a.value);continue;}if(a.name=='class'){if(a.value.match(/^Mso/)){A.removeAttribute('class');}if(a.value.match(/^body$/)){A.removeAttribute('class'); }continue;}}this.cleanUpChildren(A);},cleanWord:function(A){if(!A){this.cleanWord(this.doc.body);return;}if(A.nodeName=='SPAN'&&!A.hasAttributes()&&A.childNodes.length==1&&A.firstChild.nodeName=="#text"){var B=A.firstChild;A.removeChild(B);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A); }A.parentNode.insertBefore(B,A);if(A.getAttribute('lang')!='zh-CN'){A.parentNode.insertBefore(A.ownerDocument.createTextNode(" "),A);}A.parentNode.removeChild(A);}if(A.nodeName=="#text"){return;}if(A.nodeName=="#comment"){A.parentNode.removeChild(A);return;