| Project: | WYSIWYG Filter |
| Version: | 6.x-1.5 |
| Component: | User interface |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (won't fix) |
Issue Summary
My Web Site used to have a very simple filter that was not filtering class names. Now, many pages have different class names and there are too many pages to see them all one by one. I started to add rules to allow class names by pattern as I found new classes, but it became very annoying.
On my last attempt, I simply added multiple rules to allow every single class name, but I'm afraid that will slow down the Web Site for nothing...
a*, b*, c*, ... y*, z*, A*, B*, C*, ... Y*, Z*
And even with all those rules, some class names are still stripped...
According to W3C, there is a LOT more to consider than only a-z characters in a class name:
http://www.w3.org/TR/CSS2/syndata.html#characters
[...] [class name] can contain only the characters [a-zA-Z0-9] and ISO 10646 characters U+00A1 and higher, plus the hyphen (-) and the underscore (_); they cannot start with a digit, or a hyphen followed by a digit. [...]
So, the class names 23 or -3r are not valid. However, the class name -r«3°C» IS valid (W3C rules, Firefox Browser and W3C Markup Validation Service accept it).
My request is to simply add a checkbox to allow the bypass of the class name checking. It would be unchecked by default and have a description that explains why it is so dangerous to bypass that check.
Comments
#1
NOTE: I made a function a few months ago to validate class names. Feel free to use it if you want.
<?php
/**
 * Validate a CSS class name according to W3C rules.
 * http://www.w3.org/TR/CSS2/syndata.html#characters
 */
define('_VALID', TRUE);
define('_START_WITH_DIGIT', -1);
define('_CONTAINS_WHITESPACE', -2);
define('_CONTAINS_INVALID_CHAR', -3);

function _validate_classname($classname) {
  if (preg_match('/^[-]?[0-9]+/', $classname)) {
    // A class name cannot start with a digit, or a hyphen followed by a digit.
    return _START_WITH_DIGIT;
  }
  elseif (preg_match('/[\s\x{00A0}]/u', $classname)) {
    // No whitespace is allowed in a class name. It is treated separately because it's a common error.
    // NOTE: The regexp class \s does not include the no-break space (U+00A0).
    // NOTE: Adding the no-break space itself instead of the Unicode code in the regexp results in errors with some other characters.
    // The /u modifier is required: without it, \x{00A0} matches the raw byte 0xA0, which also occurs inside other UTF-8 characters.
    return _CONTAINS_WHITESPACE;
  }
  elseif (!preg_match('/^[a-zA-Z0-9\x{00A1}-\x{10FFFF}_\-]+$/u', $classname)) {
    // It can contain only the characters [a-zA-Z0-9] and ISO 10646 characters U+00A1 and higher, plus the hyphen (-) and the underscore (_).
    // "U+00A1 and higher" is written in regexp as /[\x{00A1}-\x{10FFFF}]/u, so characters above U+FFFF are accepted too.
    return _CONTAINS_INVALID_CHAR;
  }
  return _VALID;
}
#2
Requesting, also.
Great module... but this feature is greatly needed.
Thank you,
#3
2nd the above. must-have feature.
#4
I agree. Would make things easier on my site also, since only administrators are allowed to write HTML anyway. Was also thinking to create rules like (a*, b*, c*, ... y*, z*, A*, B*, C*, ... Y*, Z*).
Checkbox would be nice.
#5
Also agreed. Entering every letter of the alphabet followed by an asterisk is way too cumbersome. Giving themers and developers the opportunity to simply allow any class name would be extremely helpful. [markus_petrux], please comment on this as it's been a long time since it was posted. Thanks.
#6
The reason to make this feature restrictive is that, at first, there should be no need to grant access to use CSS classes to end users, at least for a range of advanced editing scenarios.
Allowing a list of CSS class names is an advanced feature, meant to open just a few of them. Because if users can use almost any name, then they can use anything that's defined in site stylesheets, and that may break site layouts, or even allow users to hide content, which might be a security issue.
If one needs to grant usage of so many CSS class names, I think alternatives to this module should be taken into consideration.
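The trade-off discussed in this thread, as an added example that is not part of the original posts and is not WYSIWYG Filter's own code: a minimal class allow-list with `*` wildcards, run over a constructed class attribute. The function names, the sample class names and the `$narrow` rule set are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not WYSIWYG Filter's implementation.

// Turn an allow-list rule such as "align-*" into an anchored,
// Unicode-aware regular expression.
function class_rule_to_regex($rule) {
  return '/^' . str_replace('\*', '.*', preg_quote($rule, '/')) . '$/u';
}

// Keep only the class names that match at least one allow-list rule.
function filter_classes($class_attr, array $rules) {
  $kept = array();
  $names = preg_split('/\s+/u', trim($class_attr), -1, PREG_SPLIT_NO_EMPTY);
  foreach ($names as $name) {
    foreach ($rules as $rule) {
      if (preg_match(class_rule_to_regex($rule), $name) === 1) {
        $kept[] = $name;
        break;
      }
    }
  }
  return implode(' ', $kept);
}

// Constructed input. The last two names stand in for classes from a site
// stylesheet that hide or reposition content.
$input = 'align-left _note -r«3°C» element-invisible overlay-fullscreen';

// The rule set from the issue summary: a*, b*, ... z*, A*, ... Z*.
$letters = array();
foreach (array_merge(range('a', 'z'), range('A', 'Z')) as $c) {
  $letters[] = $c . '*';
}

// A narrow allow-list in the spirit of comment #6 (assumed rules).
$narrow = array('align-*', 'caption');

echo "letter rules: ", filter_classes($input, $letters), "\n";
echo "narrow rules: ", filter_classes($input, $narrow), "\n";
```

The letter rules still strip `_note` and `-r«3°C»`, which are valid class names that do not begin with an ASCII letter, yet they pass both layout-affecting classes; the narrow list keeps only `align-left`.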
#7