-
Notifications
You must be signed in to change notification settings - Fork 535
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize Content Handler #1077
base: dev
Are you sure you want to change the base?
Sanitize Content Handler #1077
Conversation
The diff sanitizecontenthandler.js is a little big. I think you changed the indentation of the whole file. It would be good to avoid such steps when doing changes. Only modify the place you are changing. It is okay to have another pull request or commit that deals with the indentation. |
@Jotschi adding ?w=1 to the url has the same effect as |
Thanks for reviewing. The enhancement necessitated some code reorganization. If you diff with ?w=1 you will see that most of the change is more than just whitespace. |
|
||
function initSanitize (configAllows) { | ||
var | ||
filter = [ 'restricted', 'basic', 'relaxed' ], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was functionality in place to allow Aloha.settings.contentHandler.sanitize
to be either 'restricted', 'basic', or 'relaxed'. This change would remove this functionality. Is that intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This goal of this enhancement is to support both ways, the existing restricted, basic, or relaxed as well as sanitization config by editable element tag name, id, or class.
In the initDefault function, we look for what is configured in Aloha.settings.contentHandler.santitize
and use that for default config. This will maintain backward compatibility with existing configs.
var initDefault = function() {
var config = Aloha.defaults.sanitize.relaxed;
if (Aloha.settings.contentHandler) {
if (Aloha.settings.contentHandler.allows) {
config = Aloha.settings.contentHandler.allows;
} else if (Aloha.settings.contentHandler.sanitize && Aloha.defaults.sanitize[Aloha.settings.contentHandler.sanitize]) {
config = Aloha.defaults.sanitize[Aloha.settings.contentHandler.sanitize];
}
}
Then in the initEditableSpecific function we initialize any editable specific config that will take priority over the default restricted, basic , or relaxed if editable specific config is provided and it matches the current editable.
var initEditableSpecific = function() {
if (Aloha.settings.contentHandler &&
Aloha.settings.contentHandler.handler &&
Aloha.settings.contentHandler.handler.sanitize) {
var config, editableSelector;
for (editableSelector in Aloha.settings.contentHandler.handler.sanitize) {
if (Aloha.settings.contentHandler.handler.sanitize.hasOwnProperty(editableSelector)) {
config = Aloha.settings.contentHandler.handler.sanitize[editableSelector];
config.filters = filters;
editableSelector = normalizeTagName(editableSelector);
editableSelector = /^[\.#]/.test(editableSelector) ? editableSelector : editableSelector.toLowerCase();
map[editableSelector] = new Sanitize(config, jQuery);
}
}
}
};
I tried to convey this concept in the guide page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I get it now. The functionality is still there, except the inArray(Aloha.settings.contentHandler.sanitize, filter)
check was removed because it's unnecessary.
Can one of the admins verify this patch? |
@GenticsDev waiting for feedback. |
Admin please build this request |
Test FAILed. |
Admin please build this request |
Test PASSed. |
@deliminator Per your comment, I updated this PR to use the editable passed to handleContent() rather than Aloha.activeEditable. |
Admin please build this request |
✔ Test passed. |
Can one of the admins verify this patch? |
1 similar comment
Can one of the admins verify this patch? |
This pull request adds the ability to configure and run the Sanitize Content Handler by editable element tag name, in addition to element ID and class attribute functionality that exists today.
Additionally, the Sanitize Content Handler initialization and setup has been refactored to cache Sanitizers per config. Also, the relevant section in the plugin_contenthandler guide page has been cleanup up to match released implementation plus this enhancement.
This code has been tested across browsers by our QE.