edit: paste limited html, enforce filter on all events

[minimedit.git] / edit.js

diff --git a/edit.js b/edit.js
index dfa4a6d099eee90f3cad28bd6f02e34933607eae..6dcb705cee1c72e649530d8b508ce518889338cc 100644 (file)
--- a/edit.js
+++ b/edit.js
@@ -45,6 +45,21 @@ CKEDITOR.on('dialogDefinition', function (event) {
 
 CKEDITOR.on('instanceCreated', function (event) {
        var editor = event.editor;
+       var pastefilter = 'h2 h3 p ul ol li blockquote em i strong b; a[!href]; img[alt,!src]';
+
+       editor.on('paste', function (e) {
+               var html = e.data.dataValue;
+               if (!/<[^>]* style="/.test(html) && !/<font/.test(html)) return;
+
+               // force pasteFilter on contents containing styling attributes
+               var filter = new CKEDITOR.filter(pastefilter),
+                       fragment = CKEDITOR.htmlParser.fragment.fromHtml(html),
+                       writer = new CKEDITOR.htmlParser.basicWriter();
+               filter.applyTo(fragment);
+               fragment.writeHtml(writer);
+               e.data.dataValue = writer.getHtml();
+       });
+
        editor.on('configLoaded', function () {
                var config = editor.config;
                config.language = 'nl';
@@ -53,7 +68,7 @@ CKEDITOR.on('instanceCreated', function (event) {
                config.allowedContent = true;
                config.entities = false; // keep unicode
                config.filebrowserImageUploadUrl = '/edit?type=img';
-               config.forcePasteAsPlainText = true;
+               config.pasteFilter = pastefilter;
                config.contentsCss = document.styleSheets[0].href;
                config.toolbar = [
                        ['Inlinesave', '-', 'Undo', 'Redo'],