Item11603: protect inline script and style tags from wysiwyg, update …

…docco about WYSIWYG_EXCLUDE - it _does_ affect TinyMCE git-svn-id: http://svn.foswiki.org/branches/Release01x01@14208 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Mar 5, 2012 · 02ec085 · 02ec085
1 parent 9084819
commit 02ec085
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 11 deletions.
diff --git a/WysiwygPlugin/data/System/WysiwygPlugin.txt b/WysiwygPlugin/data/System/WysiwygPlugin.txt
@@ -185,14 +185,16 @@ Many thanks to the following sponsors for supporting this work:
 
 |  Author: | [[http://c-dot.co.uk][Crawford Currie]], Foswiki Contributors |
 |  Copyright | &copy; ILOG 2005 http://www.ilog.fr %BR% \
-               &copy; 2008-2011 Foswiki Contributors |
+               &copy; 2008-2012 Foswiki Contributors |
 |  License | [[http://www.gnu.org/licenses/gpl.html][GPL (Gnu General Public License)]] |
 |  Version: | %$VERSION% |
 |  Release: | %$RELEASE% |
 |  Change History: | |
-|  05 Dec 2011 (1.1.3) | Version released with Foswiki 1.1.4. Minor changes related to perl changes.|
-|  11 Apr 2011 (1.1.2) | Version released with Foswiki 1.1.3. Only a minor change related to how the plugin is being upgraded |
-|  19 Jan 2011 (1.1.1) | Foswikitask:Item10271: Switch to x.y.z release numbering %BR% \
+|  1.1.5 (31 Mar 2012) | Foswikitask:Item11603: protect inline script and style tags from wysiwyg |
+|  1.1.4 (28 Feb 2012) | Foswikitask:Item11378: support pass-through of DEL and INS tags |
+|  1.1.3 (08 Nov 2011) | Foswikitask:Item2174: Fix WysiwygPlugin eating newlines inside =%MACRO{...}= expressions (Michael Tempest) |
+|  1.1.2 (11 Apr 2011) | Version released with Foswiki 1.1.3. Only a minor change related to how the plugin is being upgraded |
+|  1.1.1 (19 Jan 2011) | Foswikitask:Item10271: Switch to x.y.z release numbering %BR% \
                          Foswikitask:Item10048: Try to use Macros in the src URLs of images with titles %BR% \
                          Foswikitask:Item9973: Fix attachments REST handler to deal with topics named with international characters %BR%\
                          Foswikitask:Item1391: Protect div and span tags with =style= attributes |

diff --git a/WysiwygPlugin/data/System/WysiwygPluginSettings.txt b/WysiwygPlugin/data/System/WysiwygPluginSettings.txt
@@ -2,14 +2,14 @@
 ---+ Settings for WysiwygPlugin that are common to most editor integrations
 %STARTINCLUDE%
 ---++++ WYSIWYG_EXCLUDE - Prevent WYSIWYG editing 
-<blockquote class="foswikiHelp">%X% This is not supported currently by the !TinyMCE Editor.  This setting is not used.</blockquote>
-
-The *global* [[%SYSTEMWEB%.PreferenceSettings][preference setting]] =WYSIWYG_EXCLUDE= can be set to make the plugin sensitive to what is in a topic, before allowing it to be edited. You can set it up to veto an edit if the topic contains:
+The *global* [[%SYSTEMWEB%.PreferenceSettings][preference setting]] =WYSIWYG_EXCLUDE= can be set to make the plugin sensitive to what is in a topic, before allowing it to be edited. The comma separated list to fall back to text edit can include:
    * =html= - HTML tags (e.g. =&lt;div&gt;=, not including &lt;br&gt;), or 
    * =macros= - simple macros (e.g. =%<nop>VAR%=) or 
    * =calls= - macros with parameters e.g. =%<nop>MACRO{...}%=
    * =pre= blocks (=&lt;pre&gt;=)
    * HTML =comments= (=&lt;!--= ... =--&gt;=)
+   * =script= = inline HTML Script tags - _default_
+   * =style= = inline Css style tags - _default_
 If the plugin detects an excluded construct in the topic, it will refuse to allow the edit and will redirect to the default editor.
 ---+++++ WYSIWYG_EDITABLE_CALLS - Exceptions to WYSIWYG_EXCLUDE
 If you excluded =calls= in =WYSIWYG_EXCLUDE=, you can still define a subset of macros that do *not* block edits. this is done in the *global* [[%SYSTEMWEB%.PreferenceSettings][preference setting]] =WYSIWYG_EDITABLE_CALLS=, which should be a list of macro names separated by vertical bars, with no spaces, e.g: =* Set WYSIWYG_EDITABLE_CALLS = COMMENT|CALENDAR|INCLUDE=

diff --git a/WysiwygPlugin/lib/Foswiki/Plugins/WysiwygPlugin.pm b/WysiwygPlugin/lib/Foswiki/Plugins/WysiwygPlugin.pm
@@ -31,7 +31,7 @@ our $SHORTDESCRIPTION  = 'Translator framework for WYSIWYG editors';
 our $NO_PREFS_IN_TOPIC = 1;
 our $VERSION           = '$Rev$';
 
-our $RELEASE = '1.1.3';
+our $RELEASE = '1.1.5';
 
 our %xmltag;
 
@@ -119,9 +119,9 @@ sub wysiwygEditingDisabledForThisContent {
     my $exclusions = $_[1];
     unless ( defined($exclusions) ) {
         $exclusions = Foswiki::Func::getPreferencesValue('WYSIWYG_EXCLUDE')
-          || '';
+          || 'script,style';
     }
-
+    
     # Check for explicit exclusions before generic, non-configurable
     # purely content-related reasons for exclusion
     if ($exclusions) {
@@ -160,6 +160,16 @@ sub wysiwygEditingDisabledForThisContent {
               if (WHY);
             return "Text contains PRE";
         }
+        if ( $exclusions =~ /script/ && $_[0] =~ /<script\W/ ) {
+            print STDERR "WYSIWYG_DEBUG: has script\n"
+              if (WHY);
+            return "Text contains script";
+        }
+        if ( $exclusions =~ /style/ && $_[0] =~ /<style\w/ ) {
+            print STDERR "WYSIWYG_DEBUG: has style\n"
+              if (WHY);
+            return "Text contains style";
+        }
     }
 
     # Copy the content.
@@ -284,7 +294,7 @@ sub modifyHeaderHandler {
 __END__
 Module of Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 
-Copyright (C) 2008-2009 Foswiki Contributors. Foswiki Contributors
+Copyright (C) 2008-2012 Foswiki Contributors. Foswiki Contributors
 are listed in the AUTHORS file in the root of this distribution.
 NOTE: Please extend that file, not this notice.