Closed NicholasJohn16 closed 8 years ago
JoshyPHP
commented
8 years ago You can set the attribute values within quotes, either single or double. For example:
[font='Lato, "Helvetica Neue", Helvetica, Arial, sans-serif']...[/font]You can also escape quotes with a backslash if nececessary:
[font="Lato, \"Helvetica Neue\", Helvetica, Arial, sans-serif"]...[/font]I'm curious about that [font] tag, where is it from? What software accepts this kind of syntax?
JoshyPHP
commented
8 years ago I've checked and the issue isn't with parsing the attribute value. Your BBCode definition probably does not allow quotes in the value itself and rejects it. Your best bet may be to simply not use quotes since they're not required in CSS.
[font=Lato, Helvetica Neue, Helvetica, Arial, sans-serif]...[/font]
NicholasJohn16
commented
8 years ago This is from the BBCode repository: https://github.com/s9e/TextFormatter/blob/master/src/Plugins/BBCodes/Configurator/repository.xml#L200-L205
I'm migrating my forum from another parser to yours. The previous parser supported this functionality. Either I need to fix the tag definition or fix thousands of posts. Is there any way to automatically escape the quotes or filter out that font so it isn't rejected?
JoshyPHP
commented
8 years ago I'm migrating my forum from another parser to yours.
That's the part I'm interested in. What is that parser? Is that something that's available online?
Otherwise, you can use your own [font] BBCode that accepts anything as a value. It may be unsafe, though so... caveat emptor.
use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
$configurator = new s9e\TextFormatter\Configurator;
$configurator->BBCodes->addCustom(
'[font family={TEXT1}]{TEXT2}[/font]',
new UnsafeTemplate('<span style="font-family:{TEXT1}">{TEXT2}</span>')
);
extract($configurator->finalize());
$text = '[font=Lato, "Helvetica Neue", Helvetica, Arial, sans-serif]...[/font]';
$xml = $parser->parse($text);
$html = $renderer->render($xml);
die("$html\n");<span style='font-family:Lato, "Helvetica Neue", Helvetica, Arial, sans-serif'>...</span>Thanks for the example.
This is the parser (https://github.com/milesj/decoda). Looks like it solves this issue by just filtering all the other fonts out but the first one.
JoshyPHP
commented
8 years ago By the way, come to think of it you may want to be a tiny bit more restrictive with what you accept as value. You can use a regexp for it, something like that for example:
$configurator->BBCodes->addCustom(
'[font family={REGEXP=/^[^\\r\\n;()]+$/}]{TEXT}[/font]',
new UnsafeTemplate('<span style="font-family:{REGEXP}">{TEXT}</span>')
);I think that should be enough to prevent from injecting unwanted CSS or using CSS functions within the font-family declaration.
NicholasJohn16
commented
8 years ago I've been looking over the documentation and learning more about the library.
Why can't I just run addslashes as a preFilter on the font tag to take care of this? I've tried the below and it doesn't seem to work for some reason.
$configurator->BBCodes->addCustom(
'[font={SIMPLETEXT;preFilter=addslashes}]{TEXT}[/font]',
'<span style="font-family:{SIMPLETEXT}">{TEXT}</span>'
);The #simpletext filter rejects the value, that's why. If the value doesn't match /^[- +,.0-9A-Za-z_]+$/ it will be rejected, that's why if you want to have quotes you need a regexp that allows them.
JoshyPHP
commented
8 years ago I thought about it and decided to add a filter specifically for font-family values. The next update will have an updated [font] BBCode that supports quoted font names.
If
[font]has quotes around a particular font like below the BBcode is not parsed.Though, without the quotes, works perfectly fine.
Is there any work around for this?