Custom font color/background get stripped by Filter HTML plugin

Created on 20 May 2025, 14 days ago

Problem/Motivation

When the Filter HTML plugin (Limit allowed HTML tags and correct faulty HTML) is enabled on a font style, custom font and background colors get stripped.

Steps to reproduce

1. Enable the ckeditor5_plugin_pack_font module
2. Create/modify a text format to enable either the Color or Background buttons
3. Enable the Limit allowed HTML tags and correct faulty HTML filter
4. Save the filter
5. Add/edit a node using the text filter
6. Customize the text color or background color.

The CKEditor instance will show the custom colors, but when the node is saved and viewed, the custom colors are not displayed. Additionally, after saving, CKEditor no longer shows the custom colors.

The markup shows the added <span> tags, but the style attribute containing the text/background color has been removed.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Active

Version

1.3

Component

Code

Created by

🇺🇸 United States mediabounds


Comments & Activities

  • Issue created by @mediabounds
  • 🇺🇸 United States mediabounds

    The removal of the style attribute seems pretty core to the Xss filter used by the Filter HTML plugin. But I couldn't find documentation on the module page either stating an incompatibility with the Filter HTML plugin or suggesting a required configuration. So I'm hoping I'm missing something.

  • 🇵🇱 Poland salmonek

    Hi Daniel, thank you for the feedback.

    There is a mention of that incompatibility in the font family section - https://www.drupal.org/docs/extending-drupal/contributed-modules/contrib...
    That may indeed be a bit unfortunate in case someone is not interested in font family. We'll move that higher in the font section.

    If you would like to use font colors with the HTML filter, please check out the highlight plugin. The "pen" type changes the font color using classes.

  • 🇺🇸 United States mediabounds

    Would there be any interest in this module overriding the Filter HTML plugin to allow for the style attribute?

    Thinking out loud--it seems like the plugin definition for the filter_html plugin could be altered to override the FilterHtml class so that the process implementation retained the style attribute. (It could also do some basic filtering to avoid url() in the inlined style.)

    Certainly that's not as secure as just removing the style attribute altogether...but maybe the trade off would be worth it for some folks.
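
An added example, not code from Drupal core, this module, or extended_html_filter: a standalone PHP function illustrating the style filtering discussed in the comment above, using an allowlist of properties and color values rather than only rejecting url(). The function and constant names are hypothetical and the sample style strings are constructed.

```php
<?php
declare(strict_types=1);
// Added example; names are hypothetical, not Drupal or module APIs.
const ALLOWED_STYLE_PROPERTIES = ['color', 'background-color'];

function is_safe_color_value(string $value): bool
{
    $n = '\d{1,3}(?:\.\d+)?%?'; // one numeric or percentage argument
    $patterns = [
        '/^#(?:[0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$/iD',               // hex
        '/^[a-z]{3,30}$/iD',                                              // keyword
        '/^(?:rgb|hsl)a?\(\s*' . $n . '(?:\s*,\s*' . $n . '){2,3}\s*\)$/iD', // rgb()/hsl()
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return true;
        }
    }
    return false;
}

/** Keep only allowlisted color declarations; drop everything else. */
function sanitize_color_style(string $style): string
{
    $kept = [];
    foreach (explode(';', $style) as $declaration) {
        $parts = explode(':', $declaration, 2);
        if (count($parts) !== 2) {
            continue;
        }
        $property = strtolower(trim($parts[0]));
        $value = trim($parts[1]);
        if (in_array($property, ALLOWED_STYLE_PROPERTIES, true) && is_safe_color_value($value)) {
            $kept[] = $property . ':' . $value;
        }
    }
    return implode(';', $kept);
}

// Constructed sample inputs.
$samples = [
    'color:hsl(0, 75%, 60%);',
    'background-color:#e6e64c; COLOR: red',
    'background-color:url(//example.invalid/t.gif)',
    'position:fixed; top:0; color:#fff',
];
foreach ($samples as $sample) {
    printf("%-48s => %s\n", $sample, sanitize_color_style($sample));
}
```

A check that only rejects url() would still pass the position and top declarations in the last sample; the allowlist drops them and keeps only the color.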

  • 🇵🇱 Poland salmonek

    I don't think we'll be adding it to the Plugin Pack.
    We're focusing on the CKEditor functionalities. The HTML filter is editor agnostic, so it seems out of scope of the module.
    It looks like there is already a module that provides an HTML filter with style support: https://www.drupal.org/project/extended_html_filter

  • 🇺🇸 United States mediabounds

    Fair enough--thank you!
