Set Attr.AllowedFrameTargets + Attr.AllowedRel automatically

#79 (comment)
craftcms · Aug 12, 2023 · a803131 · a803131
1 parent 957423f
commit a803131
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,8 @@
 - CKEditor config edit pages now have a “Save as a new config” alternative submit action. ([#110](https://github.com/craftcms/ckeditor/discussions/110)) 
 - The `ckeditor/convert` action will now find and convert `craft\fields\MissingField` instances that were meant to be Redactor fields.
 - CKEditor fields with the “Insert table” button now include the `TableProperties` and `TableCellProperties` plugins. ([#103](https://github.com/craftcms/ckeditor/issues/103), [#115](https://github.com/craftcms/ckeditor/discussions/115))
-- Norwegian Bokmål and Nynorsk both now load the main Norwegian (no) UI translations. ([#113](https://github.com/craftcms/ckeditor/issues/113)) 
+- Norwegian Bokmål and Nynorsk both now load the main Norwegian (no) UI translations. ([#113](https://github.com/craftcms/ckeditor/issues/113))
+- The `Attr.AllowedFrameTargets` and `Attr.AllowedRel` HTML Purifier config settings are now automatically set based on the CKEditor `link` configuration. ([#79](https://github.com/craftcms/ckeditor/issues/79))
 - Fixed a bug where could get marked as dirty when focussed, without making any changes. ([#90](https://github.com/craftcms/ckeditor/issues/90))
 - Fixed a bug where the Norwegian Nynorsk UI translations weren’t working. ([#113](https://github.com/craftcms/ckeditor/issues/113))
 - Updated CKEditor 5 to 39.0.1.

diff --git a/src/Field.php b/src/Field.php
@@ -452,6 +452,27 @@ protected function purifierConfig(): HTMLPurifier_Config
     {
         $purifierConfig = parent::purifierConfig();
 
+        // Make sure the basics are covered based on the CKE config
+        $ckeConfig = $this->_ckeConfig();
+        // These will come back as indexed (key => true) arrays
+        $allowedTargets = $purifierConfig->get('Attr.AllowedFrameTargets');
+        $allowedRels = $purifierConfig->get('Attr.AllowedRel');
+        if (isset($ckeConfig->options['link']['addTargetToExternalLinks'])) {
+            $allowedTargets['_blank'] = true;
+        }
+        foreach ($ckeConfig->options['link']['decorators'] ?? [] as $decorator) {
+            if (isset($decorator['attributes']['target'])) {
+                $allowedTargets[$decorator['attributes']['target']] = true;
+            }
+            if (isset($decorator['attributes']['rel'])) {
+                foreach (explode(' ', $decorator['attributes']['rel']) as $rel) {
+                    $allowedRels[$rel] = true;
+                }
+            }
+        }
+        $purifierConfig->set('Attr.AllowedFrameTargets', array_keys($allowedTargets));
+        $purifierConfig->set('Attr.AllowedRel', array_keys($allowedRels));
+
         // Give plugins a chance to modify the HTML Purifier config, or add new ones
         $event = new ModifyPurifierConfigEvent([
             'config' => $purifierConfig,