Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
Ckeditor has introduced a very strict validations or element filtering process where attribute like style are not allowed due to security concerns.
Because of that modules like colorbutton has lost their compatibility.
Steps to reproduce
- - Enable colorbutton module
- - Enable the colorbutton in the editor formats
- - Add a new content and add text and use colorbutton to highlight.
- - Enable and switch to CKE5 and see the results.
Expected :
- All the inline styles added by color-button should work
Actual:
- All the inline styling are gone
Proposed resolution
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | ckeditor5-allow-style-attribute.patch | 1.33 KB | vakulrai |
Comments
Comment #2
vakulrai commentedI am adding a patch to support the feature , i know this is not the very prominent or reliable solution but just for other projects having the some problem:
Comment #3
cilefen commentedComment #5
wim leersIf a module uses
style, it will only work for text formats that do not use thefilter_htmlfilter. Even if you commit this patch, the presence offilter_htmlwould still remove thestyleattribute anyway upon viewing!This patch is not committable, it introduces a security regression.
The module maintainers are aware of this: #3182292: <span style> didn't take effect even if it has been added to Allowed HTML tags. The proper solution is #2910028: How to change span tag from style to class.
Comment #6
wim leers