From 60d87d9bd1900435914cae193b346a74c6a02483 Mon Sep 17 00:00:00 2001 From: Karl Kemister-Sheppard Date: Tue, 8 Apr 2025 08:09:57 +1000 Subject: [PATCH 1/5] DOC-3189: Add new options for preserving MathML elements and attributes in the Math plugin. --- modules/ROOT/pages/7.8.0-release-notes.adoc | 48 ++++++++++++++++ modules/ROOT/pages/math.adoc | 6 ++ .../extended_mathml_attributes.adoc | 57 +++++++++++++++++++ .../extended_mathml_elements.adoc | 46 +++++++++++++++ 4 files changed, 157 insertions(+) create mode 100644 modules/ROOT/partials/configuration/extended_mathml_attributes.adoc create mode 100644 modules/ROOT/partials/configuration/extended_mathml_elements.adoc diff --git a/modules/ROOT/pages/7.8.0-release-notes.adoc b/modules/ROOT/pages/7.8.0-release-notes.adoc index dff76301c5..44859ccbba 100644 --- a/modules/ROOT/pages/7.8.0-release-notes.adoc +++ b/modules/ROOT/pages/7.8.0-release-notes.adoc @@ -69,6 +69,54 @@ The {productname} {release-version} release includes an accompanying release of For information on the **** plugin, see: xref:.adoc[]. +=== Math + +The {productname} {release-version} release includes an accompanying release of the **Math** premium plugin. + +**Math** includes the following fix. + +==== New `extended_mathml_attributes` and `extended_mathml_elements` options. +// #TINY-11756 + +== New options for customizing allowed MathML elements and attributes + +To improve flexibility when working with MathML content, especially in cases where new attributes or elements are not yet supported by DOMPurify, two new configuration options have been introduced: xref:math.adoc#extended-mathml-elements[extended_mathml_elements] and xref:math.adoc#extended-mathml-attributes[extended_mathml_attributes]. + +Prior to {release-version}, MathML elements and attributes could be configured informally, but were not officially supported. With enhanced security measures introduced in {productname} {release-version}, MathML content is now filtered separately from HTML using DOMPurify, and any unsupported elements or attributes are stripped from the editor content. This change increased security but removed the ability to allow certain MathML-specific content. + +The new options allow users to define lists of MathML elements and attributes that should be preserved, even if DOMPurify does not currently recognize them. This enables quicker user-side updates in response to evolving MathML specifications without disabling sanitization or waiting for upstream changes. + +**`+extended_mathml_elements+`**: allows a list of additional MathML elements to be preserved. +**`+extended_mathml_attributes+`**: allows a list of additional MathML attributes to be preserved. + +These options apply only within MathML contexts and do not affect general HTML content. They enable use cases such as preserving `++` elements and attributes like `linebreak` in MathML expressions. + +.Example of MathML with preserved elements and attributes +[source,js] +---- +tinymce.init({ + selector: "textarea", + extended_mathml_elements: [ "mn" ], + extended_mathml_attributes: [ "linebreak" ] +}); +---- + +.Example of MathML with preserved elements and attributes +[source,html] +---- +

+ + 0.196 + + = + + 0.196 + +

+---- + +For information on the **Math** premium plugin, see: xref:math.adoc[Math]. + [[accompanying-premium-plugin-end-of-life-announcement]] == Accompanying Premium plugin end-of-life announcement diff --git a/modules/ROOT/pages/math.adoc b/modules/ROOT/pages/math.adoc index 94046b7d90..4eaff473bb 100644 --- a/modules/ROOT/pages/math.adoc +++ b/modules/ROOT/pages/math.adoc @@ -72,6 +72,12 @@ include::partial$misc/plugin-toolbar-button-id-boilerplate.adoc[] include::partial$misc/plugin-menu-item-id-boilerplate.adoc[] +== Options + +include::partial$configuration/extended_mathml_elements.adoc[leveloffset=+1] + +include::partial$configuration/extended_mathml_attributes.adoc[leveloffset=+1] + == Commands The {pluginname} plugin provides the following {productname} commands. diff --git a/modules/ROOT/partials/configuration/extended_mathml_attributes.adoc b/modules/ROOT/partials/configuration/extended_mathml_attributes.adoc new file mode 100644 index 0000000000..4fa359d062 --- /dev/null +++ b/modules/ROOT/partials/configuration/extended_mathml_attributes.adoc @@ -0,0 +1,57 @@ +[[extended-mathml-attributes]] +== `+extended_mathml_attributes+` + +This option allows a specific list of additional MathML attributes to be preserved in the editor content, even if they are not included in the default DOMPurify allowlist. This setting only affects attributes used within MathML markup and has no effect on general HTML content. + +*Type:* `+Array+` of `+Strings+` + +*Default value:* `+[]+` (empty array) + +=== Example: using `+extended_mathml_attributes+` + +[source,js] +---- +tinymce.init({ + selector: 'textarea', + extended_mathml_attributes: [ 'linebreak', 'encoding' ] +}); +---- + +.Example of MathML with preserved attributes +[source,html] +---- +

+ + + x + = + + + + b + ± + + + + b + 2 + + + 4 + + a + + c + + + + + 2 + + a + + + + +

+---- \ No newline at end of file diff --git a/modules/ROOT/partials/configuration/extended_mathml_elements.adoc b/modules/ROOT/partials/configuration/extended_mathml_elements.adoc new file mode 100644 index 0000000000..f371c6e66a --- /dev/null +++ b/modules/ROOT/partials/configuration/extended_mathml_elements.adoc @@ -0,0 +1,46 @@ +[[extended-mathml-elements]] +== `+extended_mathml_elements+` + +This option allows a specific list of additional MathML elements to be preserved in the editor content, even if they are not included in the default DOMPurify allowlist. This setting only affects elements used within MathML markup and has no effect on general HTML content. + +*Type:* `+Array+` of `+Strings+` + +*Default value:* `+[]+` (empty array) + +=== Example: using `+extended_mathml_elements+` + +[source,js] +---- +tinymce.init({ + selector: 'textarea', + extended_mathml_elements: [ 'mn', 'mspace' ] +}); +---- + +.Example of MathML with preserved elements +[source,html] +---- +

+ + + a + = + + + 1 + + + √2 + + 3 + + + + + + 5 + 2 + + + +

+---- \ No newline at end of file From 25bda8e031893010866b3340edbf8cde2f22075c Mon Sep 17 00:00:00 2001 From: Karl Kemister-Sheppard Date: Tue, 8 Apr 2025 08:14:37 +1000 Subject: [PATCH 2/5] Update modules/ROOT/pages/7.8.0-release-notes.adoc --- modules/ROOT/pages/7.8.0-release-notes.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/ROOT/pages/7.8.0-release-notes.adoc b/modules/ROOT/pages/7.8.0-release-notes.adoc index 44859ccbba..3f8ba2a42e 100644 --- a/modules/ROOT/pages/7.8.0-release-notes.adoc +++ b/modules/ROOT/pages/7.8.0-release-notes.adoc @@ -78,8 +78,6 @@ The {productname} {release-version} release includes an accompanying release of ==== New `extended_mathml_attributes` and `extended_mathml_elements` options. // #TINY-11756 -== New options for customizing allowed MathML elements and attributes - To improve flexibility when working with MathML content, especially in cases where new attributes or elements are not yet supported by DOMPurify, two new configuration options have been introduced: xref:math.adoc#extended-mathml-elements[extended_mathml_elements] and xref:math.adoc#extended-mathml-attributes[extended_mathml_attributes]. Prior to {release-version}, MathML elements and attributes could be configured informally, but were not officially supported. With enhanced security measures introduced in {productname} {release-version}, MathML content is now filtered separately from HTML using DOMPurify, and any unsupported elements or attributes are stripped from the editor content. This change increased security but removed the ability to allow certain MathML-specific content. From 46e713fa97a83591e7ea4e8e5106d83de201d10c Mon Sep 17 00:00:00 2001 From: Karl Kemister-Sheppard Date: Tue, 8 Apr 2025 08:15:26 +1000 Subject: [PATCH 3/5] Update modules/ROOT/pages/7.8.0-release-notes.adoc --- modules/ROOT/pages/7.8.0-release-notes.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/7.8.0-release-notes.adoc b/modules/ROOT/pages/7.8.0-release-notes.adoc index 3f8ba2a42e..0c4258995b 100644 --- a/modules/ROOT/pages/7.8.0-release-notes.adoc +++ b/modules/ROOT/pages/7.8.0-release-notes.adoc @@ -73,7 +73,7 @@ For information on the **** plugin, see: xref: Date: Tue, 8 Apr 2025 10:06:43 +1000 Subject: [PATCH 4/5] Update modules/ROOT/pages/7.8.0-release-notes.adoc --- modules/ROOT/pages/7.8.0-release-notes.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/7.8.0-release-notes.adoc b/modules/ROOT/pages/7.8.0-release-notes.adoc index 0c4258995b..f43268e312 100644 --- a/modules/ROOT/pages/7.8.0-release-notes.adoc +++ b/modules/ROOT/pages/7.8.0-release-notes.adoc @@ -84,8 +84,8 @@ Prior to {release-version}, MathML elements and attributes could be configured i The new options allow users to define lists of MathML elements and attributes that should be preserved, even if DOMPurify does not currently recognize them. This enables quicker user-side updates in response to evolving MathML specifications without disabling sanitization or waiting for upstream changes. -**`+extended_mathml_elements+`**: allows a list of additional MathML elements to be preserved. -**`+extended_mathml_attributes+`**: allows a list of additional MathML attributes to be preserved. +* **`+extended_mathml_elements+`**: allows a list of additional MathML elements to be preserved. +* **`+extended_mathml_attributes+`**: allows a list of additional MathML attributes to be preserved. These options apply only within MathML contexts and do not affect general HTML content. They enable use cases such as preserving `++` elements and attributes like `linebreak` in MathML expressions. From b5b9e01ac2910febfce224b5e8532328a16edec8 Mon Sep 17 00:00:00 2001 From: Karl Kemister-Sheppard Date: Wed, 9 Apr 2025 08:27:05 +1000 Subject: [PATCH 5/5] Update modules/ROOT/pages/7.8.0-release-notes.adoc --- modules/ROOT/pages/7.8.0-release-notes.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/7.8.0-release-notes.adoc b/modules/ROOT/pages/7.8.0-release-notes.adoc index f43268e312..b7c8c9a5ba 100644 --- a/modules/ROOT/pages/7.8.0-release-notes.adoc +++ b/modules/ROOT/pages/7.8.0-release-notes.adoc @@ -80,7 +80,9 @@ The {productname} {release-version} release includes an accompanying release of To improve flexibility when working with MathML content, especially in cases where new attributes or elements are not yet supported by DOMPurify, two new configuration options have been introduced: xref:math.adoc#extended-mathml-elements[extended_mathml_elements] and xref:math.adoc#extended-mathml-attributes[extended_mathml_attributes]. -Prior to {release-version}, MathML elements and attributes could be configured informally, but were not officially supported. With enhanced security measures introduced in {productname} {release-version}, MathML content is now filtered separately from HTML using DOMPurify, and any unsupported elements or attributes are stripped from the editor content. This change increased security but removed the ability to allow certain MathML-specific content. +Prior to {release-version}, MathML elements and attributes were treated the same as all other content, with no special handling for MathML-specific structures. As a result, unsupported elements and attributes were either retained without validation or stripped without regard to their MathML context. + +In {productname} {release-version}, MathML content is now filtered separately from general HTML using DOMPurify. As part of this change, support has been added to selectively allow specific elements and attributes *within* a `` element using the new configuration options. The new options allow users to define lists of MathML elements and attributes that should be preserved, even if DOMPurify does not currently recognize them. This enables quicker user-side updates in response to evolving MathML specifications without disabling sanitization or waiting for upstream changes.