Ticket #9059: protect_source.patch
File protect_source.patch, 7.1 KB (added by , 13 years ago) |
---|
-
plugins/htmldataprocessor/plugin.js
93 93 // We just avoid filler in <pre> right now. 94 94 // TODO: Support filler for <pre>, line break is also occupy line height. 95 95 delete blockLikeTags.pre; 96 97 function wrapAsComment(element) 98 { 99 var writer = new CKEDITOR.htmlParser.basicWriter(); 100 element.writeHtml( writer ); 101 var html = writer.getHtml(); 102 return new CKEDITOR.htmlParser.comment(protectedSourceMarker + 103 encodeURIComponent(html).replace(/--/g, 104 "%2D%2D")); 105 } 106 96 107 var defaultDataFilterRules = 97 108 { 98 elements : {}, 109 elements : { 110 // protect source using html parser 111 script:wrapAsComment, 112 noscript:wrapAsComment 113 }, 99 114 attributeNames : 100 115 [ 101 116 // Event attributes (onXYZ) must not be directly set. They can become … … 245 260 // Remove all class names starting with "cke_". 246 261 return CKEDITOR.tools.ltrim( value.replace( /(?:^|\s+)cke_[^\s]*/g, '' ) ) || false; 247 262 } 248 } 263 }, 264 comment:function(contents){ 265 // If this is a comment for protected source. 266 // unprotect source using html parser 267 if (contents.substr(0, protectedSourceMarker.length) == protectedSourceMarker) { 268 contents = decodeURIComponent(contents.substr(protectedSourceMarker.length)); 269 var el = CKEDITOR.htmlParser.fragment.fromHtml(contents).children[0]; 270 if(el.children&&el.children[0]) 271 { 272 el.children[0].value=CKEDITOR.tools.trim(el.children[0].value); 273 } 274 return el; 275 } 276 return contents; 277 } 249 278 }; 250 279 251 280 if ( CKEDITOR.env.ie ) … … 294 323 var protectElementsRegex = /(?:<style(?=[ >])[^>]*>[\s\S]*<\/style>)|(?:<(:?link|meta|base)[^>]*>)/gi, 295 324 encodedElementsRegex = /<cke:encoded>([^<]*)<\/cke:encoded>/gi; 296 325 297 var protectElementNamesRegex = /(<\/?)((?:object|embed|param|html|body|head|title )[^>]*>)/gi,298 unprotectElementNamesRegex = /(<\/?)cke:((?: html|body|head|title)[^>]*>)/gi;326 var protectElementNamesRegex = /(<\/?)((?:object|embed|param|html|body|head|title|script|noscript)[^>]*>)/gi, 327 unprotectElementNamesRegex = /(<\/?)cke:((?:object|embed|param|html|body|head|title|script|noscript)[^>]*>)/gi; 299 328 300 329 var protectSelfClosingRegex = /<cke:(param|embed)([^>]*?)\/?>(?!\s*<\/cke:\1)/gi; 301 330 … … 351 380 return html.replace( /(<pre\b[^>]*>)(\r\n|\n)/g, '$1$2$2' ); 352 381 } 353 382 354 function protectRealComments( html )355 {356 return html.replace( /<!--(?!{cke_protected})[\s\S]+?-->/g, function( match )357 {358 return '<!--' + protectedSourceMarker +359 '{C}' +360 encodeURIComponent( match ).replace( /--/g, '%2D%2D' ) +361 '-->';362 });363 }364 365 function unprotectRealComments( html )366 {367 return html.replace( /<!--\{cke_protected\}\{C\}([\s\S]+?)-->/g, function( match, data )368 {369 return decodeURIComponent( data );370 });371 }372 373 function unprotectSource( html, editor )374 {375 var store = editor._.dataStore;376 377 return html.replace( /<!--\{cke_protected\}([\s\S]+?)-->/g, function( match, data )378 {379 return decodeURIComponent( data );380 }).replace( /\{cke_protected_(\d+)\}/g, function( match, id )381 {382 return store && store[ id ] || '';383 });384 }385 386 function protectSource( data, editor )387 {388 var protectedHtml = [],389 protectRegexes = editor.config.protectedSource,390 store = editor._.dataStore || ( editor._.dataStore = { id : 1 } ),391 tempRegex = /<\!--\{cke_temp(comment)?\}(\d*?)-->/g;392 393 var regexes =394 [395 // Script tags will also be forced to be protected, otherwise396 // IE will execute them.397 ( /<script[\s\S]*?<\/script>/gi ),398 399 // <noscript> tags (get lost in IE and messed up in FF).400 /<noscript[\s\S]*?<\/noscript>/gi401 ]402 .concat( protectRegexes );403 404 // First of any other protection, we must protect all comments405 // to avoid loosing them (of course, IE related).406 // Note that we use a different tag for comments, as we need to407 // transform them when applying filters.408 data = data.replace( (/<!--[\s\S]*?-->/g), function( match )409 {410 return '<!--{cke_tempcomment}' + ( protectedHtml.push( match ) - 1 ) + '-->';411 });412 413 for ( var i = 0 ; i < regexes.length ; i++ )414 {415 data = data.replace( regexes[i], function( match )416 {417 match = match.replace( tempRegex, // There could be protected source inside another one. (#3869).418 function( $, isComment, id )419 {420 return protectedHtml[ id ];421 }422 );423 424 // Avoid protecting over protected, e.g. /\{.*?\}/425 return ( /cke_temp(comment)?/ ).test( match ) ? match426 : '<!--{cke_temp}' + ( protectedHtml.push( match ) - 1 ) + '-->';427 });428 }429 data = data.replace( tempRegex, function( $, isComment, id )430 {431 return '<!--' + protectedSourceMarker +432 ( isComment ? '{C}' : '' ) +433 encodeURIComponent( protectedHtml[ id ] ).replace( /--/g, '%2D%2D' ) +434 '-->';435 }436 );437 438 // Different protection pattern is used for those that439 // live in attributes to avoid from being HTML encoded.440 return data.replace( /(['"]).*?\1/g, function ( match )441 {442 return match.replace( /<!--\{cke_protected\}([\s\S]+?)-->/g, function( match, data )443 {444 store[ store.id ] = decodeURIComponent( data );445 return '{cke_protected_'+ ( store.id++ ) + '}';446 });447 });448 }449 450 383 CKEDITOR.plugins.add( 'htmldataprocessor', 451 384 { 452 385 requires : [ 'htmlwriter' ], … … 487 420 { 488 421 toHtml : function( data, fixForBody ) 489 422 { 490 // The source data is already HTML, but we need to clean491 // it up and apply the filter.492 423 493 data = protectSource( data, this.editor );494 495 424 // Before anything, we must protect the URL attributes as the 496 425 // browser may changing them when setting the innerHTML later in 497 426 // the code. … … 529 458 530 459 data = unprotectElements( data ); 531 460 532 // Restore the comments that have been protected, in this way they533 // can be properly filtered.534 data = unprotectRealComments( data );535 536 461 // Now use our parser to make further fixes to the structure, as 537 462 // well as apply the filter. 538 463 var fragment = CKEDITOR.htmlParser.fragment.fromHtml( data, fixForBody ), … … 541 466 fragment.writeHtml( writer, this.dataFilter ); 542 467 data = writer.getHtml( true ); 543 468 544 // Protect the real comments again.545 data = protectRealComments( data );546 547 469 return data; 548 470 }, 549 471 … … 558 480 559 481 var data = writer.getHtml( true ); 560 482 561 // Restore those non-HTML protected source. (#4475,#4880)562 data = unprotectRealComments( data );563 data = unprotectSource( data, this.editor );564 565 483 return data; 566 484 } 567 485 };