partridgejiang / Kekule.js

A Javascript cheminformatics toolkit.
http://partridgejiang.github.io/Kekule.js
MIT License

Moodle new Kekule.js Loader Filter problem #269

Open registerme1963 opened 2 years ago

registerme1963 commented 2 years ago

As Moodle admin I enabled the filter and disabled the Kekule.js injector block. The problem comes when I tried to add a structure to forum posts. When I save a forum post after adding the structure from chemeditor, it strips the `<img` tag and kekule-widget text. This seems to happen only in forum posts. This did not change even after adding a hidden injector block in the course.

As exams are scheduled from today evening onwards, I need some immediate solution. Thanks for your cooperation. Regards

partridgejiang commented 2 years ago

Hi @registerme1963, the forum mod in Moodle applies the HTML purifier to posts by default, which erases all img tags inserted with the Kekule plugin. For a quick (and dirty) workaround, you may modify a piece of Moodle's PHP code to disable the purifier.

In `/lib/weblib.php`, about line 1709, you may find the function `clean_text`. Inside it, modify the following code:

```php
if (is_purify_html_necessary($text)) {
    $text = purify_html($text, $options);
}
```

to:

```php
if (is_purify_html_necessary($text)) {
    // $text = purify_html($text, $options);
}
```

So that the purifier will be bypassed. Do not forget to change the code back after all chem objects have been inserted into the forum.

registerme1963 commented 2 years ago

Thanks, it works, but if I change back, all chem objects disappear; it seems that this change needs to be permanent. I will go with this workaround till I complete my examination, but this is dangerous for Moodle. Need an alternative way. Thanks for the fast response, really enjoying your plugin in Moodle.

partridgejiang commented 2 years ago

After checking the Moodle documents for a while, the better and official solution is to turn on the trusted Content permission for a certain user account; afterwards, the messages posted by this account will not be purified anymore. Please refer to: https://docs.moodle.org/27/en/Capabilities/moodle/site:trustcontent .

registerme1963 commented 2 years ago

I saw that, but it is not possible for moodle admin to enable one by one on individual requests. Why not have some regex pattern like "src="(data:image\/[^;]+;base64[^"]+)" along with kekule related tags and add them to /lib/weblib.php for the time being?

registerme1963 commented 2 years ago

something like /src="(data:image\/[^;]+;base64[^*]+Kekule[^*]+K-Transparent-Background"\>)/i and not to filter this pattern in /lib/weblib.php

The image from kekule editor gives the following in moodle: <img src="data:image/png;base64, ......" style="width .... data-kekule-widget="Kekule.ChemWidget.Viewer" data-render-type="2" data-chem-obj="{&quot;id .....class=" KekuleChemObjViewer K-Transparent-Background">

partridgejiang commented 2 years ago

The trusted Content permission seems to be applicable to user groups; it does not need to be set for users one by one. And `/lib/weblib.php` is within the core modules of Moodle, it is better not to change it from a third-party plugin, :).

registerme1963 commented 2 years ago

I understand. I'm the admin and also a course teacher, but the Kekule structure gets stripped for me. Presently I commented out the purify_html line to complete the examination. Please suggest some workaround with the kekulejs filter settings. Thanks for your efforts.

registerme1963 commented 2 years ago

I tried to add student/authenticated roles for trusted content, but it still strips off the Kekule structure. So I went back and commented out the purify_html line. If this is the case, then students cannot use this Atto plugin in Moodle freely. Do you have any alternate solution without changing the Moodle core code?

partridgejiang commented 2 years ago

After checking the HTML purifier code in Moodle for a while, I myself found it was hard coded and not customizable (I'll be very happy if my conclusion is wrong). So you may really have to modify lib/weblib.php directly, :(. In function `purify_html` (about line 1776 of weblib.php), two places need to be changed. At about line 1832, `$config->set('URI.AllowedSchemes'...)` is used to set the allowed URI protocols. At the end of the last array parameter, add a line to enable the `data` protocol:

```php
$config->set('URI.AllowedSchemes', array(
    'http' => true,
    'https' => true,
    // ...
    'mailto' => true,
    'data' => true
));
```

Down at about line 1862, inside the block of `if ($def = $config->maybeGetRawHTMLDefinition())`, add the following lines to allow the extra attributes of the img element exported by Kekule:

```php
$def->addAttribute('img', 'data-chem-obj', 'Text');
$def->addAttribute('img', 'data-kekule-widget', 'Text');
$def->addAttribute('img', 'data-render-type', 'Text');
$def->addAttribute('img', 'data-draw-options', 'Text');
$def->addAttribute('img', 'data-predefined-setting', 'Text');
$def->addAttribute('img', 'data-auto-size', 'Text');
$def->addAttribute('img', 'data-autofit', 'Text');
$def->addAttribute('img', 'data-background-color', 'Text');
$def->addAttribute('img', 'style', 'Text');
$def->addAttribute('img', 'class', 'Text');
$def->addAttribute('img', 'width', 'Text');
$def->addAttribute('img', 'height', 'Text');
```

With all those modifications, do not forget to purge the cache of Moodle. After that, the plugin can work in forum properly with HTML purifier enabled.
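A standalone harness for checking what the purifier passes once the attribute list above is registered, next to a narrower list that adds only the `data-*` attributes and leaves `style`, `class`, `width` and `height` to HTML Purifier's built-in validators (registering `style` as `Text` replaces the CSS validator for that attribute). This is an added example, not code from Moodle or Kekule.js; it assumes HTML Purifier is installed with Composer, the definition IDs and sample markup are constructed, and whether the Kekule viewer renders correctly with the narrower list is not confirmed anywhere in this thread.

```php
<?php
// Added example (not Moodle or Kekule.js code). Assumes HTML Purifier is
// installed with Composer; definition IDs and sample markup are constructed.
require_once __DIR__ . '/vendor/autoload.php';

// Kekule-specific attributes, taken from the list in the comment above.
const KEKULE_DATA_ATTRS = [
    'data-chem-obj', 'data-kekule-widget', 'data-render-type',
    'data-draw-options', 'data-predefined-setting', 'data-auto-size',
    'data-autofit', 'data-background-color',
];

// Build a purifier that allows data: URIs and registers $textAttrs on <img>.
function build_purifier(string $id, array $textAttrs): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null);  // no on-disk cache in this harness
    $config->set('HTML.DefinitionID', $id);      // required for a raw definition
    $config->set('HTML.DefinitionRev', 1);
    $config->set('URI.AllowedSchemes', [
        'http' => true, 'https' => true, 'mailto' => true, 'data' => true,
    ]);
    if ($def = $config->maybeGetRawHTMLDefinition()) {
        foreach ($textAttrs as $name) {
            $def->addAttribute('img', $name, 'Text');
        }
    }
    return new HTMLPurifier($config);
}

// As posted: style/class/width/height are also redefined as free text.
$asPosted = build_purifier('kekule-as-posted',
    array_merge(KEKULE_DATA_ATTRS, ['style', 'class', 'width', 'height']));
// Narrower: only the data-* attributes are added.
$narrow = build_purifier('kekule-narrow', KEKULE_DATA_ATTRS);

// Constructed sample: a tiny PNG data URI and a style value mixing a sizing
// property with a positioning property.
$png = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=';
$sample = '<img src="data:image/png;base64,' . $png . '" alt="" '
    . 'style="width:120px; position:fixed; top:0" width="120" '
    . 'data-kekule-widget="Kekule.ChemWidget.Viewer" data-render-type="2" '
    . 'class="KekuleChemObjViewer K-Transparent-Background">';

// Print both results so the surviving attributes can be compared by eye.
foreach (['as posted' => $asPosted, 'narrow' => $narrow] as $label => $purifier) {
    echo $label, ":\n", $purifier->purify($sample), "\n\n";
}
```

Running it against markup copied from a real post shows which attributes and CSS properties each list lets through before anything is changed in `weblib.php`.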

registerme1963 commented 2 years ago

This works throughout the site, thank you. I also submitted your suggestion to the Moodle forum to enable custom attributes setting to disable html purifier without editing the core code. I will submit the response here when I get something. Thanks for your kind help.