Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Maybe it`s duplicate or should be part of other issue.
Anyway.
I`m trying to keep inline styles while using "Limit allowed HTML tags" filter.
Using wysiwyg + ckeditor.
And no problem if I remove "Limit allowed HTML tags" filtering from processing of a text format.
Problem is in the includes/common.inc:1586 _filter_xss_attributes() function.
Even thou there is $skip variable on line 1600
$skip = ($attrname == 'style' || substr($attrname, 0, 2) == 'on');
which should be telling mechanism to pass over 'style' attribute, filter_xss_bad_protocol() applied
$thisval = filter_xss_bad_protocol($match[1]);
in the line 1626 to the matched 'style' attribute`s value, for example it could be "font-size:30px;" at this point.
Which of course IS a bad protocol from filter_xss_bad_protocol`s point of view.
Which of course is successifully wiped by this function.
As for quick solution, for saving inline styles after applying "Limit allowed HTML tags" filter, I have made changes attached as patch, but don`t know if those changes are totally ok from other points of view.
Comments
Comment #2
q11q11 CreditAttribution: q11q11 as a volunteer commentedComment #3
q11q11 CreditAttribution: q11q11 as a volunteer commented