Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hello, I've installed the modules ckeditor_syntaxhighlighter https://drupal.org/project/issues/2157351 and syntaxhighlighter 7.x-2.0. I'm using Drupal core 7.26. These seem to be working correctly when I an editing the body. But when I save the code changes the attribute to <pre>
tags. Thus when a <pre class="brush:bash;">
is in the original text the saved text contains just <pre class="bash;">
.
Comments
Comment #1
ostami CreditAttribution: ostami commentedComment #2
Wim LeersThe
html_filter
interpretsbrush:bash;
as a URL, andbrush
is not a safe protocol, so it is stripped.The
syntaxhighlighter
filter should protect its code blocks.Comment #3
ao2 CreditAttribution: ao2 as a volunteer commentedThe Drupal core issue where this is discussed is #2544110: XSS attribute filtering is inconsistent and strips valid attributes, adding the
class
attribute to the list of safe attributes would solve the issue.However the issue is already worked around in the official Syntax Highlighter Drupal module for filtered formats, so just use that one instead of https://www.drupal.org/sandbox/eduardoa/2157351
Closing as outdated.