From 63139952fc598d42daa99a79376a9eb9e0be6c5c Mon Sep 17 00:00:00 2001
From: Alan
Date: Mon, 11 Sep 2023 10:55:52 +0800
Subject: [PATCH] paste filtering should be stricter than sync
---
 Roo/HtmlEditorCore.js | 6 ++++--
 roojs-all.js | 18 +++++++++---------
 roojs-debug.js | 6 ++++--
 roojs-ui-debug.js | 6 ++++--
 roojs-ui.js | 18 +++++++++---------
 5 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/Roo/HtmlEditorCore.js b/Roo/HtmlEditorCore.js
index 5c28b286de..c8105fe8f9 100644
--- a/Roo/HtmlEditorCore.js
+++ b/Roo/HtmlEditorCore.js
@@ -699,8 +699,9 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, {
 'name',
 'align',
 'colspan',
- 'rowspan',
- 'data-display',
+ 'rowspan'
+ /* THESE ARE NOT ALLWOED FOR PASTE
+ * 'data-display',
 'data-caption-display',
 'data-width',
 'data-caption',
@@ -713,6 +714,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, {
 'width',
 'height',
 'alt'
+ */
 ],
 attrib_clean : ['href', 'src' ]
 });
diff --git a/roojs-all.js b/roojs-all.js
index 6c81e57786..5ed8c8f8c8 100644
--- a/roojs-all.js
+++ b/roojs-all.js
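Review bot: In the Roo/HtmlEditorCore.js hunks the tightened paste whitelist still keeps `name`, and `href`/`src` remain allowed on the strength of `attrib_clean`, whose handling of URL schemes is not visible here. If clipboard HTML is meant to be less trusted than synced editor content, consider dropping `name` too unless named anchors must survive a paste, and confirm that `attrib_clean` restricts the schemes it accepts rather than only normalising the value. The bundled roojs-all.js hunk in this same patch shows the whole filter chain sits under `if(this.autoClean)`, so the stricter list has no effect when that option is off, which deserves a comment where the option is documented. The disabled entries would read better deleted than left as a block comment inside the array literal, replaced by one line such as `// paste is stricter than sync: style, class, data-*, sizing and alt are stripped from clipboard HTML`. The enclosing FilterAttributes call starts outside these hunks.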
@@ -2099,15 +2099,15 @@ var r=new FileReader();var t=this;r.addEventListener('load',function(){var d=(ne }var B=[];var C=cd.getData('text/html');if(cd.types.indexOf('text/rtf')>-1){var D=new Roo.rtf.Parser(cd.getData('text/rtf'));B=D.doc?D.doc.getElementsByType('pict'):[];}B=B.filter(function(g){return !g.path.match(/^rtf\/(head|pgdsctbl|listtable|footerf)/); }).map(function(g){return g.toDataURL();}).filter(function(g){return g!='about:blank';});C=this.cleanWordChars(C);var d=(new DOMParser().parseFromString(C,'text/html')).body;var sn=this.getParentElement();if(d.getElementsByTagName('table').length&&sn&&sn.closest('table')){e.preventDefault(); this.insertAtCursor("You can not nest tables");return false;}if(B.length>0){var ar=Array.from(d.getElementsByTagName('v:imagedata'));Roo.each(ar,function(E){E.parentNode.insertBefore(d.ownerDocument.createElement('img'),E);E.parentNode.removeChild(E);});Roo.each(d.getElementsByTagName('img'),function(E,i){E.setAttribute('src',B[i]); -});}if(this.autoClean){new Roo.htmleditor.FilterWord({node:d});new Roo.htmleditor.FilterStyleToTag({node:d});new Roo.htmleditor.FilterAttributes({node:d,attrib_white:['href','src','name','align','colspan','rowspan','data-display','data-caption-display','data-width','data-caption','start','style','class','allowfullscreen','frameborder','width','height','alt'],attrib_clean:['href','src']} -);new Roo.htmleditor.FilterBlack({node:d,tag:this.black});new Roo.htmleditor.FilterKeepChildren({node:d,tag:['FONT',':']});new Roo.htmleditor.FilterParagraph({node:d});new Roo.htmleditor.FilterSpan({node:d});new Roo.htmleditor.FilterLongBr({node:d});new Roo.htmleditor.FilterComment({node:d} -);}if(this.enableBlocks){Array.from(d.getElementsByTagName('img')).forEach(function(E){if(E.closest('figure')){return;}var F=new Roo.htmleditor.BlockFigure({image_src:E.src});F.updateElement(E);});}this.insertAtCursor(d.innerHTML.replace(/ /g,' '));if(this.enableBlocks){Roo.htmleditor.Block.initAll(this.doc.body); 
-}e.preventDefault();this.owner.fireEvent('paste',this);return false;},onDestroy:function(){if(this.rendered){}},onFirstFocus:function(){this.assignDocWin();this.undoManager=new Roo.lib.UndoManager(100,(this.doc.body||this.doc.documentElement));this.activated=true; -if(Roo.isGecko){this.win.focus();var s=this.win.getSelection();if(!s.focusNode||s.focusNode.nodeType!=3){var r=s.getRangeAt(0);r.selectNodeContents((this.doc.body||this.doc.documentElement));r.collapse(true);this.deferFocus();}try{this.execCmd('useCSS',true); -this.execCmd('styleWithCSS',false);}catch(e){}}this.owner.fireEvent('activate',this);},adjustFont:function(A){var B=A.cmd=='increasefontsize'?1:-1;var v=parseInt(this.doc.queryCommandValue('FontSize')||3,10);if(Roo.isSafari){var sm={10:1,13:2,16:3,18:4,24:5,32:6,48:7} -;v=(v<10)?10:v;v=(v>48)?48:v;v=typeof(sm[v])=='undefined'?1:sm[v];}v=Math.max(1,v+B);this.execCmd('FontSize',v);},onEditorEvent:function(e){if(e&&(e.ctrlKey||e.metaKey)&&e.keyCode===90){return;}if(e&&e.target.nodeName=='BODY'&&e.type=="mouseup"&&this.doc.body.lastChild){var lc=this.doc.body.lastChild; -while((lc.nodeType==3&&lc.nodeValue=='')||lc.id=='gtx-trans'){lc=lc.previousSibling;}if(lc.nodeType==1&&lc.nodeName!='BR'){var ns=this.doc.createElement('br');this.doc.body.appendChild(ns);range=this.doc.createRange();range.setStartAfter(ns);range.collapse(true); -var A=this.win.getSelection();A.removeAllRanges();A.addRange(range);}}this.fireEditorEvent(e);this.syncValue();},fireEditorEvent:function(e){this.owner.fireEvent('editorevent',this,e);},insertTag:function(tg){if(tg.toLowerCase()=='span'||tg.toLowerCase()=='code'||tg.toLowerCase()=='sup'||tg.toLowerCase()=='sub'){range=this.createRange(this.getSelection()); +});}if(this.autoClean){new Roo.htmleditor.FilterWord({node:d});new Roo.htmleditor.FilterStyleToTag({node:d});new Roo.htmleditor.FilterAttributes({node:d,attrib_white:['href','src','name','align','colspan','rowspan'],attrib_clean:['href','src']});new 
Roo.htmleditor.FilterBlack({node:d,tag:this.black} +);new Roo.htmleditor.FilterKeepChildren({node:d,tag:['FONT',':']});new Roo.htmleditor.FilterParagraph({node:d});new Roo.htmleditor.FilterSpan({node:d});new Roo.htmleditor.FilterLongBr({node:d});new Roo.htmleditor.FilterComment({node:d});}if(this.enableBlocks){Array.from(d.getElementsByTagName('img')).forEach(function(E){if(E.closest('figure')){return; +}var F=new Roo.htmleditor.BlockFigure({image_src:E.src});F.updateElement(E);});}this.insertAtCursor(d.innerHTML.replace(/ /g,' '));if(this.enableBlocks){Roo.htmleditor.Block.initAll(this.doc.body);}e.preventDefault();this.owner.fireEvent('paste',this); +return false;},onDestroy:function(){if(this.rendered){}},onFirstFocus:function(){this.assignDocWin();this.undoManager=new Roo.lib.UndoManager(100,(this.doc.body||this.doc.documentElement));this.activated=true;if(Roo.isGecko){this.win.focus();var s=this.win.getSelection(); +if(!s.focusNode||s.focusNode.nodeType!=3){var r=s.getRangeAt(0);r.selectNodeContents((this.doc.body||this.doc.documentElement));r.collapse(true);this.deferFocus();}try{this.execCmd('useCSS',true);this.execCmd('styleWithCSS',false);}catch(e){}}this.owner.fireEvent('activate',this); +},adjustFont:function(A){var B=A.cmd=='increasefontsize'?1:-1;var v=parseInt(this.doc.queryCommandValue('FontSize')||3,10);if(Roo.isSafari){var sm={10:1,13:2,16:3,18:4,24:5,32:6,48:7};v=(v<10)?10:v;v=(v>48)?48:v;v=typeof(sm[v])=='undefined'?1:sm[v];}v=Math.max(1,v+B); +this.execCmd('FontSize',v);},onEditorEvent:function(e){if(e&&(e.ctrlKey||e.metaKey)&&e.keyCode===90){return;}if(e&&e.target.nodeName=='BODY'&&e.type=="mouseup"&&this.doc.body.lastChild){var lc=this.doc.body.lastChild;while((lc.nodeType==3&&lc.nodeValue=='')||lc.id=='gtx-trans'){lc=lc.previousSibling; +}if(lc.nodeType==1&&lc.nodeName!='BR'){var ns=this.doc.createElement('br');this.doc.body.appendChild(ns);range=this.doc.createRange();range.setStartAfter(ns);range.collapse(true);var 
A=this.win.getSelection();A.removeAllRanges();A.addRange(range);}}this.fireEditorEvent(e); +this.syncValue();},fireEditorEvent:function(e){this.owner.fireEvent('editorevent',this,e);},insertTag:function(tg){if(tg.toLowerCase()=='span'||tg.toLowerCase()=='code'||tg.toLowerCase()=='sup'||tg.toLowerCase()=='sub'){range=this.createRange(this.getSelection()); var A=this.doc.createElement(tg.toLowerCase());A.appendChild(range.extractContents());range.insertNode(A);return;}this.execCmd("formatblock",tg);this.undoManager.addEvent();},insertText:function(A){var B=this.createRange();B.deleteContents();B.insertNode(this.doc.createTextNode(A)); this.undoManager.addEvent();},relayCmd:function(A,B){switch(A){case 'justifyleft':case 'justifyright':case 'justifycenter':var n=this.getParentElement();var td=n.closest('td');if(td){var bl=Roo.htmleditor.Block.factory(td);bl.textAlign=A.replace('justify',''); bl.updateElement();this.owner.fireEvent('editorevent',this);return;}this.execCmd('styleWithCSS',true);break;case 'bold':case 'italic':case 'underline':this.execCmd('styleWithCSS',false);break;default:break;}this.win.focus();this.execCmd(A,B);this.owner.fireEvent('editorevent',this); diff --git a/roojs-debug.js b/roojs-debug.js index a9c4f96d3c..da6bc80fa5 100644 --- a/roojs-debug.js +++ b/roojs-debug.js @@ -50668,8 +50668,9 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, { 'name', 'align', 'colspan', - 'rowspan', - 'data-display', + 'rowspan' + /* THESE ARE NOT ALLWOED FOR PASTE + * 'data-display', 'data-caption-display', 'data-width', 'data-caption', @@ -50682,6 +50683,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, { 'width', 'height', 'alt' + */ ], attrib_clean : ['href', 'src' ] }); diff --git a/roojs-ui-debug.js b/roojs-ui-debug.js index f62a8e52e0..5e974aa51d 100644 --- a/roojs-ui-debug.js +++ b/roojs-ui-debug.js 
@@ -26166,8 +26166,9 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, { 'name', 'align', 'colspan', - 'rowspan', - 'data-display', + 'rowspan' + /* THESE ARE NOT ALLWOED FOR PASTE + * 'data-display', 'data-caption-display', 'data-width', 'data-caption', @@ -26180,6 +26181,7 @@ Roo.extend(Roo.HtmlEditorCore, Roo.Component, { 'width', 'height', 'alt' + */ ], attrib_clean : ['href', 'src' ] }); diff --git a/roojs-ui.js b/roojs-ui.js index 22170c6343..97617a4880 100644 --- a/roojs-ui.js +++ b/roojs-ui.js 
@@ -1152,15 +1152,15 @@ var r=new FileReader();var t=this;r.addEventListener('load',function(){var d=(ne }var B=[];var C=cd.getData('text/html');if(cd.types.indexOf('text/rtf')>-1){var D=new Roo.rtf.Parser(cd.getData('text/rtf'));B=D.doc?D.doc.getElementsByType('pict'):[];}B=B.filter(function(g){return !g.path.match(/^rtf\/(head|pgdsctbl|listtable|footerf)/); }).map(function(g){return g.toDataURL();}).filter(function(g){return g!='about:blank';});C=this.cleanWordChars(C);var d=(new DOMParser().parseFromString(C,'text/html')).body;var sn=this.getParentElement();if(d.getElementsByTagName('table').length&&sn&&sn.closest('table')){e.preventDefault(); this.insertAtCursor("You can not nest tables");return false;}if(B.length>0){var ar=Array.from(d.getElementsByTagName('v:imagedata'));Roo.each(ar,function(E){E.parentNode.insertBefore(d.ownerDocument.createElement('img'),E);E.parentNode.removeChild(E);});Roo.each(d.getElementsByTagName('img'),function(E,i){E.setAttribute('src',B[i]); -});}if(this.autoClean){new Roo.htmleditor.FilterWord({node:d});new Roo.htmleditor.FilterStyleToTag({node:d});new Roo.htmleditor.FilterAttributes({node:d,attrib_white:['href','src','name','align','colspan','rowspan','data-display','data-caption-display','data-width','data-caption','start','style','class','allowfullscreen','frameborder','width','height','alt'],attrib_clean:['href','src']} -);new Roo.htmleditor.FilterBlack({node:d,tag:this.black});new Roo.htmleditor.FilterKeepChildren({node:d,tag:['FONT',':']});new Roo.htmleditor.FilterParagraph({node:d});new Roo.htmleditor.FilterSpan({node:d});new Roo.htmleditor.FilterLongBr({node:d});new Roo.htmleditor.FilterComment({node:d} -);}if(this.enableBlocks){Array.from(d.getElementsByTagName('img')).forEach(function(E){if(E.closest('figure')){return;}var F=new Roo.htmleditor.BlockFigure({image_src:E.src});F.updateElement(E);});}this.insertAtCursor(d.innerHTML.replace(/ /g,' '));if(this.enableBlocks){Roo.htmleditor.Block.initAll(this.doc.body); 
-}e.preventDefault();this.owner.fireEvent('paste',this);return false;},onDestroy:function(){if(this.rendered){}},onFirstFocus:function(){this.assignDocWin();this.undoManager=new Roo.lib.UndoManager(100,(this.doc.body||this.doc.documentElement));this.activated=true; -if(Roo.isGecko){this.win.focus();var s=this.win.getSelection();if(!s.focusNode||s.focusNode.nodeType!=3){var r=s.getRangeAt(0);r.selectNodeContents((this.doc.body||this.doc.documentElement));r.collapse(true);this.deferFocus();}try{this.execCmd('useCSS',true); -this.execCmd('styleWithCSS',false);}catch(e){}}this.owner.fireEvent('activate',this);},adjustFont:function(A){var B=A.cmd=='increasefontsize'?1:-1;var v=parseInt(this.doc.queryCommandValue('FontSize')||3,10);if(Roo.isSafari){var sm={10:1,13:2,16:3,18:4,24:5,32:6,48:7} -;v=(v<10)?10:v;v=(v>48)?48:v;v=typeof(sm[v])=='undefined'?1:sm[v];}v=Math.max(1,v+B);this.execCmd('FontSize',v);},onEditorEvent:function(e){if(e&&(e.ctrlKey||e.metaKey)&&e.keyCode===90){return;}if(e&&e.target.nodeName=='BODY'&&e.type=="mouseup"&&this.doc.body.lastChild){var lc=this.doc.body.lastChild; -while((lc.nodeType==3&&lc.nodeValue=='')||lc.id=='gtx-trans'){lc=lc.previousSibling;}if(lc.nodeType==1&&lc.nodeName!='BR'){var ns=this.doc.createElement('br');this.doc.body.appendChild(ns);range=this.doc.createRange();range.setStartAfter(ns);range.collapse(true); -var A=this.win.getSelection();A.removeAllRanges();A.addRange(range);}}this.fireEditorEvent(e);this.syncValue();},fireEditorEvent:function(e){this.owner.fireEvent('editorevent',this,e);},insertTag:function(tg){if(tg.toLowerCase()=='span'||tg.toLowerCase()=='code'||tg.toLowerCase()=='sup'||tg.toLowerCase()=='sub'){range=this.createRange(this.getSelection()); +});}if(this.autoClean){new Roo.htmleditor.FilterWord({node:d});new Roo.htmleditor.FilterStyleToTag({node:d});new Roo.htmleditor.FilterAttributes({node:d,attrib_white:['href','src','name','align','colspan','rowspan'],attrib_clean:['href','src']});new 
Roo.htmleditor.FilterBlack({node:d,tag:this.black} +);new Roo.htmleditor.FilterKeepChildren({node:d,tag:['FONT',':']});new Roo.htmleditor.FilterParagraph({node:d});new Roo.htmleditor.FilterSpan({node:d});new Roo.htmleditor.FilterLongBr({node:d});new Roo.htmleditor.FilterComment({node:d});}if(this.enableBlocks){Array.from(d.getElementsByTagName('img')).forEach(function(E){if(E.closest('figure')){return; +}var F=new Roo.htmleditor.BlockFigure({image_src:E.src});F.updateElement(E);});}this.insertAtCursor(d.innerHTML.replace(/ /g,' '));if(this.enableBlocks){Roo.htmleditor.Block.initAll(this.doc.body);}e.preventDefault();this.owner.fireEvent('paste',this); +return false;},onDestroy:function(){if(this.rendered){}},onFirstFocus:function(){this.assignDocWin();this.undoManager=new Roo.lib.UndoManager(100,(this.doc.body||this.doc.documentElement));this.activated=true;if(Roo.isGecko){this.win.focus();var s=this.win.getSelection(); +if(!s.focusNode||s.focusNode.nodeType!=3){var r=s.getRangeAt(0);r.selectNodeContents((this.doc.body||this.doc.documentElement));r.collapse(true);this.deferFocus();}try{this.execCmd('useCSS',true);this.execCmd('styleWithCSS',false);}catch(e){}}this.owner.fireEvent('activate',this); +},adjustFont:function(A){var B=A.cmd=='increasefontsize'?1:-1;var v=parseInt(this.doc.queryCommandValue('FontSize')||3,10);if(Roo.isSafari){var sm={10:1,13:2,16:3,18:4,24:5,32:6,48:7};v=(v<10)?10:v;v=(v>48)?48:v;v=typeof(sm[v])=='undefined'?1:sm[v];}v=Math.max(1,v+B); +this.execCmd('FontSize',v);},onEditorEvent:function(e){if(e&&(e.ctrlKey||e.metaKey)&&e.keyCode===90){return;}if(e&&e.target.nodeName=='BODY'&&e.type=="mouseup"&&this.doc.body.lastChild){var lc=this.doc.body.lastChild;while((lc.nodeType==3&&lc.nodeValue=='')||lc.id=='gtx-trans'){lc=lc.previousSibling; +}if(lc.nodeType==1&&lc.nodeName!='BR'){var ns=this.doc.createElement('br');this.doc.body.appendChild(ns);range=this.doc.createRange();range.setStartAfter(ns);range.collapse(true);var 
A=this.win.getSelection();A.removeAllRanges();A.addRange(range);}}this.fireEditorEvent(e); +this.syncValue();},fireEditorEvent:function(e){this.owner.fireEvent('editorevent',this,e);},insertTag:function(tg){if(tg.toLowerCase()=='span'||tg.toLowerCase()=='code'||tg.toLowerCase()=='sup'||tg.toLowerCase()=='sub'){range=this.createRange(this.getSelection()); var A=this.doc.createElement(tg.toLowerCase());A.appendChild(range.extractContents());range.insertNode(A);return;}this.execCmd("formatblock",tg);this.undoManager.addEvent();},insertText:function(A){var B=this.createRange();B.deleteContents();B.insertNode(this.doc.createTextNode(A)); this.undoManager.addEvent();},relayCmd:function(A,B){switch(A){case 'justifyleft':case 'justifyright':case 'justifycenter':var n=this.getParentElement();var td=n.closest('td');if(td){var bl=Roo.htmleditor.Block.factory(td);bl.textAlign=A.replace('justify',''); bl.updateElement();this.owner.fireEvent('editorevent',this);return;}this.execCmd('styleWithCSS',true);break;case 'bold':case 'italic':case 'underline':this.execCmd('styleWithCSS',false);break;default:break;}this.win.focus();this.execCmd(A,B);this.owner.fireEvent('editorevent',this); -- 2.39.2