I need help figuring out how to allow CSS style tags in posts. I don't want to allow javascript, just CSS. I found
an old fix for this but the coding is different for 1.8 and I'm not sure what to do. Could someone please assist? I understand there are risks involved (that's why I only want to allow CSS and not javascript). Users on my forum use css for post formatting and they're already getting around the built-in limits by saving their stylesheets on google drive. It would be MUCH MUCH simpler to just allow it in the post.
I'm pretty sure the code is located in
inc/class_parser.php
// Replace base, meta,script and style tags in our post - these are > dangerous <
$message = preg_replace('#<(/?)(base|meta|script|style)([^>]*)>#i', '<$1$2$3>', $message);
$message = $this->fix_javascript($message);
$find = array("<br />\n", "<br>\n");
$replace = array("\n", "\n");
$message = str_replace($find, $replace, $message);
}
but I'm not sure how to edit this section to correctly allow and display the css instead of showing it as plaintext. Could someone help please? is that all I need to edit to fix this or something else?
Example of what I want to fix: user puts in their post something like the below code. It should run the css but instead it is showing the css as plaintext. I want to fix this please :
<style type="text/css">.bluetable {
width: 700px;
padding: 100px 50px 50px 50px;
background: #0d1335;
color: #3c5cac; }</style>
<div class="bluetable"> text example here example </div>
inc/class_parser.php
// Replace base, meta,script and style tags in our post - these are > dangerous <
$message = preg_replace('#<(/?)(base|meta|script|style)([^>]*)>#i', '<$1$2$3>', $message);
$message = $this->fix_javascript($message);
$find = array("<br />\n", "<br>\n");
$replace = array("\n", "\n");
$message = str_replace($find, $replace, $message);
}
replace with
// Replace base, meta,script and style tags in our post - these are > dangerous <
$message = preg_replace('#<(/?)(base|meta|script)([^>]*)>#i', '<$1$2$3>', $message);
$message = $this->fix_javascript($message);
$find = array("<br />\n", "<br>\n");
$replace = array("\n", "\n");
$message = str_replace($find, $replace, $message);
}
Not Working , i checked it with allowing html in posts in all my forum . Only the test inside <div>Text </div> appears not the styles that i have written in style tags .
(2023-07-12, 05:20 AM)PARADOX987 Wrote: [ -> ]Not Working , i checked it with allowing html in posts in all my forum . Only the test inside <div>Text </div> appears not the styles that i have written in style tags .
Make sure that the style statements continue on one line without a line break.
Example:
This works
<div class="xyz">xyz class!</div><div class="test">test class!</div>
<style>.xyz { background: red; padding: 5px; } .test { background: blue; padding: 35px; }</style>
This will not work
<div class="xyz">xyz class!</div><div class="test">test class!</div>
<style>
.xyz {
background: red; padding: 5px;
}
.test {
background: blue; padding: 35px;
}
</style>
oh i got it... now it works...
so basically it doesn't work on line break so can't be it done that it will work on line break ?
(2023-07-12, 09:33 AM)PARADOX987 Wrote: [ -> ]...so can't be it done that it will work on line break ?
You can try
this.
Maybe it solves the problem with the line breaks, but i have not tested.
Nope , applied the patch but still doesn't work the css line breaking.
The editor assumes all line breaks are <br> tags. You and/or your users will need to minify the CSS to remove all line breaks to avoid the <br> tag being added to the parsed messages.
If you need to do more than simple search and replace, use preg_replace_callback instead of preg_replace. This passes the matches to an external function where you can execute some pretty sophisticated code. I've implemented [rainbow], [marquee], [blink], [gradient], [spoiler], and [sound] that way.
(2023-07-14, 11:06 PM)Devastatia Wrote: [ -> ]If you need to do more than simple search and replace, use preg_replace_callback instead of preg_replace. This passes the matches to an external function where you can execute some pretty sophisticated code. I've implemented [rainbow], [marquee], [blink], [gradient], [spoiler], and [sound] that way.
so , how the codes will be look like ?