diff --git a/core/modules/filter/filter.filter_html.admin.js b/core/modules/filter/filter.filter_html.admin.js index 7ddca90bba..97caaa6d97 100644 --- a/core/modules/filter/filter.filter_html.admin.js +++ b/core/modules/filter/filter.filter_html.admin.js @@ -230,45 +230,40 @@ * tag name. */ _parseSetting: function (setting) { - var node; var tag; var rule; - var attributes; - var attribute; - var allowedTags = setting.match(/(<[^>]+>)/g); - var sandbox = document.createElement('div'); var rules = {}; - for (var t = 0; t < allowedTags.length; t++) { + + var parser = new CKEDITOR.htmlParser(); + parser.onTagOpen = function( tagName, attributes, selfClosing ) { // Let the browser do the parsing work for us. - sandbox.innerHTML = allowedTags[t]; - node = sandbox.firstChild; - tag = node.tagName.toLowerCase(); + tag = tagName.toLowerCase(); // Build the Drupal.FilterHtmlRule object. rule = new Drupal.FilterHTMLRule(); // We create one rule per allowed tag, so always one tag. rule.restrictedTags.tags = [tag]; + // Add the attribute restrictions. - attributes = node.attributes; - for (var i = 0; i < attributes.length; i++) { - attribute = attributes.item(i); - var attributeName = attribute.nodeName; + Object.keys(attributes).forEach(function (nodeName) { // @todo Drupal.FilterHtmlRule does not allow for generic attribute // value restrictions, only for the "class" and "style" attribute's // values. The filter_html filter always disallows the "style" // attribute, so we only need to support "class" attribute value // restrictions. Fix once https://www.drupal.org/node/2567801 lands. - if (attributeName === 'class') { - var attributeValue = attribute.textContent; + if (nodeName === 'class') { + var attributeValue = attributes[nodeName]; rule.restrictedTags.allowed.classes = attributeValue.split(' '); } else { - rule.restrictedTags.allowed.attributes.push(attributeName); + rule.restrictedTags.allowed.attributes.push(nodeName); } - } + }); rules[tag] = rule; - } + }; + parser.parse(setting); + return rules; },