From ad32b121c6047d9355860ae7864c148404b30b15 Mon Sep 17 00:00:00 2001 From: Yura Bakhtin Date: Thu, 30 Jun 2022 07:09:07 +0300 Subject: [PATCH 1/4] Allow script tags in TinyMCE editor --- docs/CHANGELOG.md | 4 ++++ module.json | 2 +- widgets/TinyMce.php | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 13577936..d4fb2322 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,6 +1,10 @@ Changelog ========= +1.6.4 (Unreleased) +--------------------- +- Fix #220: Allow script tags in TinyMCE editor + 1.6.3 (June 29, 2022) --------------------- - Fix #221: Rendering of TinyMCE on edit richtext element of template diff --git a/module.json b/module.json index 1486486c..22327780 100644 --- a/module.json +++ b/module.json @@ -3,7 +3,7 @@ "name": "Custom Pages", "description": "Allows admins to create custom pages (html or markdown) or external links to various navigations (e.g. top navigation, account menu).", "keywords": ["pages", "custom", "iframe", "markdown", "link", "navigation", "spaces"], - "version": "1.6.3", + "version": "1.6.4", "homepage": "https://github.com/humhub/custom-pages", "humhub": { "minVersion": "1.10" diff --git a/widgets/TinyMce.php b/widgets/TinyMce.php index 98d9d3ae..43b593d5 100644 --- a/widgets/TinyMce.php +++ b/widgets/TinyMce.php @@ -42,6 +42,7 @@ private function initDefaults() 'plugins' => ['code', 'autolink', 'link', 'image', 'lists', 'fullscreen', 'table', 'wordcount'], 'toolbar' => 'undo redo | wrapper blocks | bold italic | alignleft aligncenter alignright alignjustify' . $humhubTriggerToolbar . ' | removeformat | code', 'content_style' => '.img-responsive {display:block;max-width:100%;height:auto}', + 'extended_valid_elements' => 'script[src|async|defer|type|language|charset|id|crossorigin|fetchpriority|integrity|nomodule|nonce|referrerpolicy]', 'external_plugins' => $external_plugins, 'wrapper' => [ 'text' => Yii::t('CustomPagesModule.base', 'Panel'), From c508d8ab742969bd7eb878b57f7e9caea50b403b Mon Sep 17 00:00:00 2001 From: Lucas Bartholemy Date: Thu, 30 Jun 2022 11:13:49 +0200 Subject: [PATCH 2/4] Update TinyMce.php --- widgets/TinyMce.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/widgets/TinyMce.php b/widgets/TinyMce.php index 43b593d5..57bdb0f7 100644 --- a/widgets/TinyMce.php +++ b/widgets/TinyMce.php @@ -42,7 +42,7 @@ private function initDefaults() 'plugins' => ['code', 'autolink', 'link', 'image', 'lists', 'fullscreen', 'table', 'wordcount'], 'toolbar' => 'undo redo | wrapper blocks | bold italic | alignleft aligncenter alignright alignjustify' . $humhubTriggerToolbar . ' | removeformat | code', 'content_style' => '.img-responsive {display:block;max-width:100%;height:auto}', - 'extended_valid_elements' => 'script[src|async|defer|type|language|charset|id|crossorigin|fetchpriority|integrity|nomodule|nonce|referrerpolicy]', + 'valid_elements' => '*[*]', 'external_plugins' => $external_plugins, 'wrapper' => [ 'text' => Yii::t('CustomPagesModule.base', 'Panel'), @@ -50,4 +50,4 @@ private function initDefaults() ] ], $this->clientOptions); } -} \ No newline at end of file +} From b70d385a4a8880c395c574847177d6f6dab06f1f Mon Sep 17 00:00:00 2001 From: Lucas Bartholemy Date: Thu, 30 Jun 2022 11:14:26 +0200 Subject: [PATCH 3/4] Update CHANGELOG.md --- docs/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index d4fb2322..05395d47 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -3,7 +3,7 @@ Changelog 1.6.4 (Unreleased) --------------------- -- Fix #220: Allow script tags in TinyMCE editor +- Fix #220: Allow all HTML tags in TinyMCE editor 1.6.3 (June 29, 2022) --------------------- From 3c675f6cdd5efdbdce2aed1f13c22b105422071e Mon Sep 17 00:00:00 2001 From: Lucas Bartholemy Date: Thu, 30 Jun 2022 11:14:39 +0200 Subject: [PATCH 4/4] Update CHANGELOG.md --- docs/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 05395d47..54f832b1 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,7 +1,7 @@ Changelog ========= -1.6.4 (Unreleased) +1.6.4 (June 30, 2022) --------------------- - Fix #220: Allow all HTML tags in TinyMCE editor