Allow more html tags for Drupal 9 dompuritfy

Created on 28 February 2023, almost 2 years ago
Updated 11 April 2024, 8 months ago

Problem/Motivation

Apologies if I have overlooked something, but I am stuck on getting HTML in captions working.

I have colorbox 2.0 installed on a Drupal 9.4+ site.

I need to allow for complex HTML in the caption (I would like to load actual entities in there and template/style them directly but that doesn't seem possible at all)

At a bare minimum, I need h1,h2, br, underline, and lists.

Currently, it seems colorbox - even with dompurify library installed and detected - is stripping everything except "strong" tags out.

I noticed in the discussion of a similar issue on the 7.x version that the allowed tags have been highly limited. The pre_process page solution provided in that thread won't work for Drupal 9.4+.

Is there a way to modify the allowed tags for colorbox in Drupal 9.4+?

💬 Support request
Status

Needs review

Version

2.0

Component

Miscellaneous

Created by

🇦🇺Australia gobnat

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @gobnat
  • Status changed to Needs review over 1 year ago
  • 🇫🇷France dydave

    Hi everyone,

    I just came across the same requirement to support HTML captions for a project, in particular, with more tags than the ones currently supported by the default by the module, see:
    https://git.drupalcode.org/project/colorbox/-/blob/2.0.0/js/colorbox.js#L83

    If you look carefully, you should see the JS is able to pick up a different configuration provided by the drupalSettings variable, see:

          if (drupalSettings.hasOwnProperty('dompurify_custom_config')) {
            purifyConfig = drupalSettings.dompurify_custom_config;
          }
    

     
    I have tested this and it is possible to override dompuritfy configuration pretty much anywhere you can attach a drupalSettings variable, for example in a theme preprocessing function such as template_preprocess_colorbox_view_mode_formatter, or template_preprocess_paragraph__type, etc... or any other theme preprocessing function (page, block, etc...), with the following code example:

    /**
     * Implements template_preprocess_colorbox_view_mode_formatter().
     */
    function [MYTHEME]_preprocess_colorbox_view_mode_formatter(&$variables) {
      // Override 'dompurify' configuration with allowed tags, such as p, h1, ...
      $variables['#attached']['drupalSettings']['dompurify_custom_config'] = [
        'ALLOWED_TAGS' => [
          'a',
          'b',
          'strong',
          'i',
          'em',
          'u',
          'cite',
          'code',
          'br',
          'div',
          'h1',
          'h2',
          'h3',
          'p',
        ],
        'ALLOWED_ATTR' => [
          'href',
          'hreflang',
          'title',
          'target',
          'class',
          'id',
        ],
      ];
    }
    

     

    We would greatly appreciate if you could please try testing the suggested solution and code above, in particular, whether you are able to properly override the list of allowed tags.
    Could you please give us your feedback and let us know if this is what you had in mind?
     

    Not sure, but this is perhaps something that could be documented somewhere in the module:
    Maybe we could add the code above as an example in the API file:
    https://git.drupalcode.org/project/colorbox/-/blob/2.0.0/colorbox.api.php
    Or in the README.txt file, under the OPTIONAL HTML CAPTIONS section and link back to this ticket, for example:
    https://git.drupalcode.org/project/colorbox/-/blob/2.0.0/README.txt?plai...

    Let us know if this is something you think could be useful and valuable for the module and we will surely be very happy to create a corresponding patch.

    Feel free to let us know if you encounter any issues while testing the code, or have more questions or any concerns on any aspects of this reply, this ticket in particular or the project in general, we would surely be glad to help.
    Thanks in advance.

  • 🇫🇷France anou Collonges au Mont d'Or

    Hello,

    I maybe missing something but I'm using views to output images in colorbox. I use the "custom with token" caption field. I've put a [MY_THEME]_preprocess_views_view(&vars) or [MY_THEME]_preprocess_views_page(&vars) and even your proposed code but without success.

    I still get only <strong> and <a> tags has possible HTML in caption.

    I've clear my cache and run cron.

    Something else maybe I'm am not aware?

    Thanks for your help.

  • 🇫🇷France anou Collonges au Mont d'Or

    UPDATE: if I check my JS settings the allowed tags are there but maybe it is something related to the treatment of the input field used in views?

    Or maybe I need to use the 2.0.x-dev version? (currently using the 2.0.2 version)...

Production build 0.71.5 2024