CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getHtmlRestrictions example
// The resulting Editor config entity should be valid.
$violations = $this->validatePairToViolationsArray($updated_text_editor, $text_format, FALSE);
// At this point, the fundamental compatibility errors do not matter, they // have been checked above; whatever remains is expected. if (isset($violations[''])) {
unset($violations['']);
}
$this->assertSame([], $violations);
// If the text format has HTML restrictions, ensure that a strict superset // is allowed after switching to CKEditor 5. $html_restrictions = $text_format->getHtmlRestrictions();
if (is_array($html_restrictions) && array_key_exists('allowed', $html_restrictions)) {
$allowed_tags = HTMLRestrictions::fromTextFormat($text_format);
$enabled_plugins = array_keys($this->manager->getEnabledDefinitions($updated_text_editor));
$updated_allowed_tags = new HTMLRestrictions($this->manager->getProvidedElements($enabled_plugins, $updated_text_editor));
$unsupported_tags_attributes = $allowed_tags->diff($updated_allowed_tags);
$superset_tags_attributes = $updated_allowed_tags->diff($allowed_tags);
$this->assertSame($expected_superset, $superset_tags_attributes->toFilterHtmlAllowedTagsString());
$this->assertTrue($unsupported_tags_attributes->allowsNothing(), "The following tags/attributes are not allowed in the updated text format:" . implode(' ', $unsupported_tags_attributes->toCKEditor5ElementsArray()));
// Update the text format like ckeditor5_form_filter_format_form_alter() // would.
// At this point, the fundamental compatibility errors do not matter, they // have been checked above; whatever remains is expected. if (isset($violations[''])) {
unset($violations['']);
}
$this->assertSame([], $violations);
// If the text format has HTML restrictions, ensure that a strict superset // is allowed after switching to CKEditor 5. $html_restrictions = $text_format->getHtmlRestrictions();
if (is_array($html_restrictions) && array_key_exists('allowed', $html_restrictions)) {
$allowed_tags = HTMLRestrictions::fromTextFormat($text_format);
$enabled_plugins = array_keys($this->manager->getEnabledDefinitions($updated_text_editor));
$updated_allowed_tags = new HTMLRestrictions($this->manager->getProvidedElements($enabled_plugins, $updated_text_editor));
$unsupported_tags_attributes = $allowed_tags->diff($updated_allowed_tags);
$superset_tags_attributes = $updated_allowed_tags->diff($allowed_tags);
$this->assertSame($expected_superset, $superset_tags_attributes->toFilterHtmlAllowedTagsString());
$this->assertTrue($unsupported_tags_attributes->allowsNothing(), "The following tags/attributes are not allowed in the updated text format:" . implode(' ', $unsupported_tags_attributes->toCKEditor5ElementsArray()));
// Update the text format like ckeditor5_form_filter_format_form_alter() // would.
default:
throw new \OutOfBoundsException();
}
}
/** * {@inheritdoc} */
public function computeCKEditor5PluginSubsetConfiguration(string $cke5_plugin_id, FilterFormatInterface $text_format): ?array {
switch ($cke5_plugin_id) {
case 'ckeditor5_heading':
$restrictions = $text_format->getHtmlRestrictions();
if ($restrictions === FALSE) {
// The default is to allow all headings, which makes sense when there // are no restrictions. // @see \Drupal\ckeditor5\Plugin\CKEditor5Plugin\Heading::DEFAULT_CONFIGURATION return NULL;
}
// Otherwise, only enable headings that allowed by the restrictions. $configuration = [];
foreach (range(1, 6) as $index) {
// Merely checking the existence of the array key is sufficient; this // plugin does not set or need any additional attributes.
throw new \OutOfBoundsException();
}
}
/** * {@inheritdoc} */
public function computeCKEditor5PluginSubsetConfiguration(string $cke5_plugin_id, FilterFormatInterface $text_format): ?array {
switch ($cke5_plugin_id) {
case 'ckeditor5_heading':
$restrictions = $text_format->getHtmlRestrictions();
if ($restrictions === FALSE) {
// The default is to allow all headings, which makes sense when there // are no restrictions. // @see \Drupal\ckeditor5\Plugin\CKEditor5Plugin\Heading::DEFAULT_CONFIGURATION return NULL;
}
// Otherwise, only enable headings that allowed by the restrictions. $configuration = [];
foreach (range(1, 6) as $index) {
// Merely checking the existence of the array key is sufficient; this // plugin does not set or need any additional attributes.
/**
* Tests that HTML restrictions and filter types are correct.
*
* @covers \Drupal\filter\Entity\FilterFormat::getHtmlRestrictions
* @covers \Drupal\filter\Entity\FilterFormat::getFilterTypes
*/
public function testFilterFormatAPI() {
// Test on filtered_html. $filtered_html_format = FilterFormat::load('filtered_html');
$this->assertSame(
$filtered_html_format->getHtmlRestrictions(),
[
'allowed' => [
'p' => FALSE,
'br' => FALSE,
'strong' => FALSE,
'a' => ['href' => TRUE, 'hreflang' => TRUE],
'*' => ['style' => FALSE, 'on*' => FALSE, 'lang' => TRUE, 'dir' => ['ltr' => TRUE, 'rtl' => TRUE]],
],
],
'FilterFormatInterface::getHtmlRestrictions() works as expected for the filtered_html format.'
);
public function testFilterFormatAPI() {
// Test on filtered_html. $filtered_html_format = FilterFormat::load('filtered_html');
$this->assertSame(
$filtered_html_format->getHtmlRestrictions(),
[
'allowed' => [
'p' => FALSE,
'br' => FALSE,
'strong' => FALSE,
'a' => ['href' => TRUE, 'hreflang' => TRUE],
'*' => ['style' => FALSE, 'on*' => FALSE, 'lang' => TRUE, 'dir' => ['ltr' => TRUE, 'rtl' => TRUE]],
],
],
'FilterFormatInterface::getHtmlRestrictions() works as expected for the filtered_html format.'
);
// Simply blacklisting these five dangerous tags would bring safety, but
// also user frustration: what if a text format is configured to allow
// <embed>, for example? Then we would strip that tag, even though it is
// allowed, thereby causing data loss!
// Therefore, we want to be smarter still. We want to take into account
// which HTML tags are allowed by the text format we're filtering for, and
// if we're switching from another text format, we want to take that
// format's allowed tags into account as well.
// In other words: we only expect markup allowed in both the original and
// the new format to continue to exist.
$format_restrictions = $format->getHtmlRestrictions();
if ($original_format !== NULL) {
$original_format_restrictions = $original_format->getHtmlRestrictions();
}
// Any tags that are explicitly whitelisted by the text format must be // removed from the list of default dangerous tags: if they're explicitly // allowed, then we must respect that configuration. // When switching from another format, we must use the intersection of // allowed tags: if either format is more restrictive, then the safety // expectations of *both* formats apply. $allowed_tags = self::getAllowedTags($format_restrictions);
if ($original_format !== NULL) {
$original_format_restrictions = $original_format->getHtmlRestrictions();
}
// Any tags that are explicitly whitelisted by the text format must be // removed from the list of default dangerous tags: if they're explicitly // allowed, then we must respect that configuration. // When switching from another format, we must use the intersection of // allowed tags: if either format is more restrictive, then the safety // expectations of *both* formats apply. $allowed_tags = self::getAllowedTags($format_restrictions);
$configuration['settings']['allowed_html'] = preg_replace('/\s+/', ' ', $configuration['settings']['allowed_html']);
}
parent::setConfiguration($configuration);
// Force restrictions to be calculated again. $this->restrictions = NULL;
}
/** * {@inheritdoc} */
public function process($text, $langcode) {
$restrictions = $this->getHtmlRestrictions();
// Split the work into two parts. For filtering HTML tags out of the content // we rely on the well-tested Xss::filter() code. Since there is no '*' tag // that needs to be removed from the list. unset($restrictions['allowed']['*']);
$text = Xss::filter($text, array_keys($restrictions['allowed']));
// After we've done tag filtering, we do attribute and attribute value // filtering as the second part. return new FilterProcessResult($this->filterAttributes($text));
}
/** * Provides filtering of tag attributes into accepted HTML. * * @param string $text * The HTML text string to be filtered. * * @return string * Filtered HTML with attributes filtered according to the settings. */
}
parent::setConfiguration($configuration);
// Force restrictions to be calculated again. $this->restrictions = NULL;
}
/** * {@inheritdoc} */
public function process($text, $langcode) {
$restrictions = $this->getHtmlRestrictions();
// Split the work into two parts. For filtering HTML tags out of the content // we rely on the well-tested Xss::filter() code. Since there is no '*' tag // that needs to be removed from the list. unset($restrictions['allowed']['*']);
$text = Xss::filter($text, array_keys($restrictions['allowed']));
// After we've done tag filtering, we do attribute and attribute value // filtering as the second part. return new FilterProcessResult($this->filterAttributes($text));
}
/** * Provides filtering of tag attributes into accepted HTML. * * @param string $text * The HTML text string to be filtered. * * @return string * Filtered HTML with attributes filtered according to the settings. */
private function addToolbarItemsToMatchHtmlElementsInFormat(FilterFormatInterface $format, EditorInterface $editor): ?array {
$html_restrictions_needed_elements = $format->getHtmlRestrictions();
if ($html_restrictions_needed_elements === FALSE) {
return NULL;
}
$all_definitions = $this->pluginManager->getDefinitions();
$enabled_definitions = $this->pluginManager->getEnabledDefinitions($editor);
$disabled_definitions = array_diff_key($all_definitions, $enabled_definitions);
$enabled_plugins = array_keys($enabled_definitions);
$provided_elements = $this->pluginManager->getProvidedElements($enabled_plugins, $editor);
$provided = new HTMLRestrictions($provided_elements);
$needed = HTMLRestrictions::fromTextFormat($format);
elseif ($definition->hasToolbarItems()) {
if (empty(array_intersect($editor->getSettings()['toolbar']['items'], array_keys($definition->getToolbarItems())))) {
unset($definitions[$plugin_id]);
}
}
}
// Only enable the arbitrary HTML Support plugin on text formats with no // HTML restrictions. // @see https://ckeditor.com/docs/ckeditor5/latest/api/html-support.html // @see https://github.com/ckeditor/ckeditor5/issues/9856 if ($editor->getFilterFormat()->getHtmlRestrictions() !== FALSE) {
unset($definitions['ckeditor5_arbitraryHtmlSupport']);
}
// Evaluate `plugins` condition. foreach ($definitions_with_plugins_condition as $plugin_id => $definition) {
if (!empty(array_diff($definition->getConditions()['plugins'], array_keys($definitions)))) {
unset($definitions[$plugin_id]);
}
}
if (!isset($definitions['ckeditor5_arbitraryHtmlSupport'])) {
if (empty(array_intersect($editor->getSettings()['toolbar']['items'], array_keys($definition->getToolbarItems())))) {
unset($definitions[$plugin_id]);
}
}
}
// Only enable the arbitrary HTML Support plugin on text formats with no // HTML restrictions. // @see https://ckeditor.com/docs/ckeditor5/latest/api/html-support.html // @see https://github.com/ckeditor/ckeditor5/issues/9856 if ($editor->getFilterFormat()->getHtmlRestrictions() !== FALSE) {
unset($definitions['ckeditor5_arbitraryHtmlSupport']);
}
// Evaluate `plugins` condition. foreach ($definitions_with_plugins_condition as $plugin_id => $definition) {
if (!empty(array_diff($definition->getConditions()['plugins'], array_keys($definitions)))) {
unset($definitions[$plugin_id]);
}
}
if (!isset($definitions['ckeditor5_arbitraryHtmlSupport'])) {