Commit 7be52a04 authored by brockfanning's avatar brockfanning Committed by joseph.olstad

Issue #2833205 by brockfanning: Allow for some escaping when overriding fields in WYSIWYG

parent ec002e8b
......@@ -236,7 +236,7 @@
if (info.attributes) {
$.each(Drupal.settings.media.wysiwyg_allowed_attributes, function(i, a) {
if (info.attributes[a]) {
element.attr(a, $('<textarea />').html(info.attributes[a]).text());
element.attr(a, info.attributes[a]);
}
});
delete(info.attributes);
......
......@@ -55,6 +55,14 @@ Drupal.media.formatForm.getEditorContent = function(fieldKey) {
}
}
Drupal.media.formatForm.escapeFieldInput = function(input) {
// This is the default implementation of an overridable function: It is
// intended to allow for the escaping of the user input from the format form.
// No escaping is done here, but this allows other modules to escape the input
// by overriding this function.
return input;
}
Drupal.media.formatForm.getOptions = function () {
// Get all the values
var ret = {};
......@@ -74,7 +82,7 @@ Drupal.media.formatForm.getOptions = function () {
field.name = field.name.replace('[]', '[' + fieldDelta[field.name] + ']');
}
ret[field.name] = field.value;
ret[field.name] = Drupal.media.formatForm.escapeFieldInput(field.value);
// When a field uses a WYSIWYG format, the value needs to be extracted and encoded.
if (field.name.match(/\[format\]/i)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment