Clean HTML before pasting in tinymce
If the user decides to copy-paste HTML (e.g. from another OpenSlides motion detail): - remove all classes - remove data-line-number="X" - remove contenteditable="false". Not doing so would save control sequences from diff/line numbering into the model, which will open Pandora's box during PDF generation (and potentially in the web view).
parent
8c7a770f9b
commit
eab60ab31a
@ -67,7 +67,8 @@ export abstract class BaseComponent {
|
||||
plugins: ['autosave', 'lists', 'autolink']
|
||||
},
|
||||
relative_urls: false,
|
||||
remove_script_host: true
|
||||
remove_script_host: true,
|
||||
paste_preprocess: this.pastePreprocess
|
||||
};
|
||||
|
||||
public constructor(protected titleService: Title, protected translate: TranslateService) {
|
||||
@ -75,6 +76,29 @@ export abstract class BaseComponent {
|
||||
this.tinyMceSettings.language = this.translate.currentLang;
|
||||
}
|
||||
|
||||
/**
|
||||
* Clean pasted HTML.
|
||||
* If the user decides to copy-paste HTML (like from another OpenSlides motion detail)
|
||||
* - remove all classes
|
||||
* - remove data-line-number="X"
|
||||
* - remove contenteditable="false"
|
||||
*
|
||||
* Not doing so would save control sequences from diff/linenumbering into the
|
||||
* model which will open pandoras pox during PDF generation (and potentially web view)
|
||||
* @param _
|
||||
* @param args
|
||||
*/
|
||||
private pastePreprocess(_: any, args: any): void {
|
||||
const getClassesRe: RegExp = new RegExp(/\s*class\=\"[\w\W]*?\"/, 'gi');
|
||||
const getDataLineNumberRe: RegExp = new RegExp(/\s*data-line-number\=\"\d+\"/, 'gi');
|
||||
const getContentEditableRe: RegExp = new RegExp(/\s*contenteditable\=\"\w+\"/, 'gi');
|
||||
const cleanedContent = (args.content as string)
|
||||
.replace(getClassesRe, '')
|
||||
.replace(getDataLineNumberRe, '')
|
||||
.replace(getContentEditableRe, '');
|
||||
args.content = cleanedContent;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the title in web browser using angulars TitleService
|
||||
* @param prefix The title prefix. Should be translated here.
|
||||
|
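Review bot: The three regexes in `pastePreprocess` match only double-quoted values with no space around `=`, so `class='x'`, unquoted `contenteditable=false` and `class = "x"` pass through unchanged, while pasted text that merely contains `class="…"`, or an attribute such as `data-class="…"`, gets altered. Since the stated goal is to keep diff/line-numbering markup out of the stored model, parsing the pasted fragment and removing the attributes from the elements is more reliable than string matching; a sketch follows. The hook also covers only the paste path and strips only three attributes, so it should not be relied on as HTML sanitisation. Whatever validates motion HTML before it is stored or rendered (not visible in this diff) still has to do that job.

```typescript
private pastePreprocess(_: any, args: any): void {
    // Parse into an inert document; text/html parsing via DOMParser does not run scripts.
    const doc = new DOMParser().parseFromString(args.content as string, 'text/html');
    doc.body.querySelectorAll('[class], [data-line-number], [contenteditable]').forEach(el => {
        el.removeAttribute('class');
        el.removeAttribute('data-line-number');
        el.removeAttribute('contenteditable');
    });
    args.content = doc.body.innerHTML;
}
```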