Fancypost BBCode 1.0.2

Allow users to safely style sections of a post with CSS

This plugin adds a fancypost BBCode tag which will allow your users to safely style a section of their post using select CSS attributes.


Aside from limiting which CSS attributes the user can use (to prevent them from doing something naughty such as covering the entire page), the values given for the CSS attributes are escaped to avoid injection of nefarious content.


As an example, the tag

Code
[fancypost=border-radius: 6px; border-color: green; background-color: blue; color: #FFFFFF; width: 5000px;][color=white]This is some text[/color][/fancypost]

would create
(notice the border color is correctly missing since no border-size was given, and the tag isn't allowed to take up the 5000 pixel width requested by the user)


The allowed CSS attributes are:

  • background-color
  • background-image
  • background-position
  • background-repeat
  • background-clip
  • background-size
  • border-bottom
  • border-bottom-color
  • border-bottom-left-radius
  • border-bottom-right-radius
  • border-bottom-style
  • border-bottom-width
  • border-color
  • border-image
  • border-left
  • border-left-color
  • border-left-style
  • border-left-width
  • border-radius
  • border-right
  • border-right-color
  • border-right-style
  • border-right-width
  • border-style
  • border-top
  • border-top-color
  • border-top-left-radius
  • border-top-right-radius
  • border-top-style
  • border-top-width
  • border-width
  • box-shadow
  • bottom
  • color
  • height
  • left
  • margin-bottom
  • margin-left
  • margin-right
  • margin-top
  • min-height
  • min-width
  • max-height
  • max-width
  • overflow
  • overflow-x
  • overflow-y
  • padding-bottom
  • padding-left
  • padding-right
  • padding-top
  • width
  • vertical-align
  • line-height
  • text-align
  • word-wrap
Like 2

  • Version 1.0.2

    Updated code to remove unnecessary HTML escaping.

  • Will this plugin be published to version Woltlab Suite 3.0?