From bc10e79f921bc9fca46cb9a43f7e0755954fb152 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 3 Aug 2020 16:16:02 +0200
Subject: [PATCH] Antisamy policy fixes

Allow table tags in TinyMCE
---
 .../vitro/webapp/web/antisamy-vitro-1.4.4.xml | 36 ++++++++++++++-----
 .../edit/forms/defaultFormScripts.ftl         |  4 +--
 2 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/api/src/main/resources/edu/cornell/mannlib/vitro/webapp/web/antisamy-vitro-1.4.4.xml b/api/src/main/resources/edu/cornell/mannlib/vitro/webapp/web/antisamy-vitro-1.4.4.xml
index 80d38bf37..546c08b37 100644
--- a/api/src/main/resources/edu/cornell/mannlib/vitro/webapp/web/antisamy-vitro-1.4.4.xml
+++ b/api/src/main/resources/edu/cornell/mannlib/vitro/webapp/web/antisamy-vitro-1.4.4.xml
@@ -106,8 +106,8 @@ http://www.w3.org/TR/html401/struct/global.html
         <regexp name="angle" value="(-|\+)?([0-9]+(\.[0-9]+)?)(deg|grads|rad)"/>
         <regexp name="time" value="([0-9]+(\.[0-9]+)?)(ms|s)"/>
         <regexp name="frequency" value="([0-9]+(\.[0-9]+)?)(hz|khz)"/>
-        <regexp name="length" value="((-|\+)?0|(-|\+)?([0-9]+(\.[0-9]+)?)(em|ex|px|in|cm|mm|pt|pc))"/>
-        <regexp name="positiveLength" value="((\+)?0|(\+)?([0-9]+(\.[0-9]+)?)(em|ex|px|in|cm|mm|pt|pc))"/>
+        <regexp name="length" value="((-|\+)?0|(-|\+)?([0-9]+(\.[0-9]+)?)(rem|em|ex|px|in|cm|mm|pt|pc))"/>
+        <regexp name="positiveLength" value="((\+)?0|(\+)?([0-9]+(\.[0-9]+)?)(rem|em|ex|px|in|cm|mm|pt|pc))"/>
         <regexp name="percentage" value="(-|\+)?([0-9]+(\.[0-9]+)?)%"/>
         <regexp name="positivePercentage" value="(\+)?([0-9]+(\.[0-9]+)?)%"/>
 
@@ -149,6 +149,14 @@ http://www.w3.org/TR/html401/struct/global.html
             </regexp-list>
         </attribute>
 
+        <attribute name="dir" description="The dir attribute specifies the text direction of the element's content.">
+            <literal-list>
+                <literal value="ltr"/>
+                <literal value="rtl"/>
+                <literal value="auto"/>
+            </literal-list>
+        </attribute>
+
         <attribute name="class" description="The 'class' of any HTML attribute is usually a single word, but it can also be a list of class names separated by spaces">
             <regexp-list>
                 <regexp name="htmlClass"/>
@@ -549,12 +557,24 @@ http://www.w3.org/TR/html401/struct/global.html
 
         <!-- All formatting tags -->
 
-        <tag name="h1" action="validate"/>
-        <tag name="h2" action="validate"/>
-        <tag name="h3" action="validate"/>
-        <tag name="h4" action="validate"/>
-        <tag name="h5" action="validate"/>
-        <tag name="h6" action="validate"/>
+        <tag name="h1" action="validate">
+            <attribute name="dir"/>
+        </tag>
+        <tag name="h2" action="validate">
+            <attribute name="dir"/>
+        </tag>
+        <tag name="h3" action="validate">
+            <attribute name="dir"/>
+        </tag>
+        <tag name="h4" action="validate">
+            <attribute name="dir"/>
+        </tag>
+        <tag name="h5" action="validate">
+            <attribute name="dir"/>
+        </tag>
+        <tag name="h6" action="validate">
+            <attribute name="dir"/>
+        </tag>
 
         <tag name="p" action="validate">
 
diff --git a/webapp/src/main/webapp/templates/freemarker/edit/forms/defaultFormScripts.ftl b/webapp/src/main/webapp/templates/freemarker/edit/forms/defaultFormScripts.ftl
index 0405d2f58..b623485af 100644
--- a/webapp/src/main/webapp/templates/freemarker/edit/forms/defaultFormScripts.ftl
+++ b/webapp/src/main/webapp/templates/freemarker/edit/forms/defaultFormScripts.ftl
@@ -39,7 +39,7 @@
                 theme_advanced_resizing : true,
                 height : "${height}",
                 width  : "${width}",
-                valid_elements : "a[href|name|title],br,p,i,em,cite,strong/b,u,sub,sup,ul,ol,li",
+                valid_elements : "tr[*],td[*],tbody[*],table[*],a[href|name|title],br,p[style],i,em,cite,strong/b,u,sub,sup,ul,ol,li,h1[dir|style|id],h2[dir|style|id],h3[dir|style|id],h4,h5,h6,div[style|class],span[dir|style|class]",
                 fix_list_elements : true,
                 fix_nesting : true,
                 cleanup_on_startup : true,
@@ -49,7 +49,7 @@
                 paste_use_dialog : false,
                 paste_auto_cleanup_on_paste : true,
                 paste_convert_headers_to_strong : true,
-                paste_strip_class_attributes : "all",
+                paste_strip_class_attributes : "mso",
                 paste_remove_spans : true,
                 paste_remove_styles : true,
                 paste_retain_style_properties : ""