edit: paste limited html, enforce filter on all events
authorMischa POSLAWSKY <perl@shiar.org>
Fri, 29 Sep 2017 11:06:04 +0000 (13:06 +0200)
committerMischa POSLAWSKY <perl@shiar.org>
Fri, 29 Sep 2017 13:56:31 +0000 (15:56 +0200)
Recent feature for more advanced restrictions, allowing rich text without
unwanted styling attributes.  Unfortunately, the filter is not applied for
"internal" sources which apparently includes Word in Linux, so manually
execute for any contaminated contents.

edit.js

diff --git a/edit.js b/edit.js
index dfa4a6d099eee90f3cad28bd6f02e34933607eae..6dcb705cee1c72e649530d8b508ce518889338cc 100644 (file)
--- a/edit.js
+++ b/edit.js
@@ -45,6 +45,21 @@ CKEDITOR.on('dialogDefinition', function (event) {
 
 CKEDITOR.on('instanceCreated', function (event) {
        var editor = event.editor;
+       var pastefilter = 'h2 h3 p ul ol li blockquote em i strong b; a[!href]; img[alt,!src]';
+
+       editor.on('paste', function (e) {
+               var html = e.data.dataValue;
+               if (!/<[^>]* style="/.test(html) && !/<font/.test(html)) return;
+
+               // force pasteFilter on contents containing styling attributes
+               var filter = new CKEDITOR.filter(pastefilter),
+                       fragment = CKEDITOR.htmlParser.fragment.fromHtml(html),
+                       writer = new CKEDITOR.htmlParser.basicWriter();
+               filter.applyTo(fragment);
+               fragment.writeHtml(writer);
+               e.data.dataValue = writer.getHtml();
+       });
+
        editor.on('configLoaded', function () {
                var config = editor.config;
                config.language = 'nl';
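Review bot: The early return on the `style="`/`<font` test means the manual filter in the paste handler still skips any pasted HTML that lacks those two exact patterns, so "internal" content carrying other disallowed markup (a `class` attribute, a `<span>`, a single-quoted or upper-case `STYLE=`) passes unfiltered, which does not match the commit title's "enforce filter on all events". Because `config.allowedContent = true` (visible in the second hunk) turns off the editor's own content filter, nothing else would catch it. I would drop the guard line and always run the filter, or at least loosen it to `if (!/<[^>]*\sstyle\s*=/i.test(html) && !/<font\b/i.test(html)) return;`. The `CKEDITOR.filter` object could also be built once next to `pastefilter` instead of on every paste. The `instanceCreated` handler continues past the end of this hunk.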
@@ -53,7 +68,7 @@ CKEDITOR.on('instanceCreated', function (event) {
                config.allowedContent = true;
                config.entities = false; // keep unicode
                config.filebrowserImageUploadUrl = '/edit?type=img';
-               config.forcePasteAsPlainText = true;
+               config.pasteFilter = pastefilter;
                config.contentsCss = document.styleSheets[0].href;
                config.toolbar = [
                        ['Inlinesave', '-', 'Undo', 'Redo'],
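Review bot: The line `config.pasteFilter = pastefilter;` needs a comment saying it is a clean-up aid rather than a sanitiser: with `config.allowedContent = true` a few lines above, paste is the only filtered path, and typed or source-mode content is presumably not filtered at all. The rule `a[!href]` requires an href but, as far as this string shows, does not constrain its value. I would add `// tidies pasted markup only; saved HTML must still be sanitised server-side` above the assignment. The save handler is not visible here, so whether it already sanitises should be confirmed. The `configLoaded` callback starts in the previous hunk and continues past this one.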