From 3f89dd99085a55f68a19eb97f4f5b1b1fcd67669 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 27 Aug 2018 11:59:18 +0200
Subject: [PATCH] Disable pasting base64 images in ckeditor

---
 .jshintignore              |  1 +
 www/pad/disable-base64.js  | 40 ++++++++++++++++++++++++++++++++++++++
 www/pad/inner.js           |  1 +
 www/pad/mediatag-plugin.js |  9 ---------
 4 files changed, 42 insertions(+), 9 deletions(-)
 create mode 100644 www/pad/disable-base64.js

diff --git a/.jshintignore b/.jshintignore
index c403b39b3..2eac30b3a 100644
--- a/.jshintignore
+++ b/.jshintignore
@@ -14,6 +14,7 @@ www/common/hyperscript.js
 www/pad/wysiwygarea-plugin.js
 www/pad/mediatag-plugin.js
 www/pad/mediatag-plugin-dialog.js
+www/pad/disable-base64.js
 
 www/kanban/jkanban.js
 
diff --git a/www/pad/disable-base64.js b/www/pad/disable-base64.js
new file mode 100644
index 000000000..bbcbd1348
--- /dev/null
+++ b/www/pad/disable-base64.js
@@ -0,0 +1,40 @@
+( function() {
+    CKEDITOR.plugins.add('blockbase64', {
+        init: function (editor) {
+
+            var replaceImgText = function (html) {
+                var ret = html.replace( /<img[^>]*src="data:image\/(bmp|dds|gif|jpg|jpeg|png|psd|pspimage|tga|thm|tif|tiff|yuv|ai|eps|ps|svg);base64,.*?"[^>]*>/gi,
+                    function () {
+                        console.error("Direct image paste is not allowed.");
+                        return '';
+                });
+                return ret;
+            };
+
+            var chkImg = function () {
+                // don't execute code if the editor is readOnly
+                if (editor.readOnly) {
+                    return;
+                }
+
+                setTimeout( function() {
+                    editor.document.$.body.innerHTML = replaceImgText(editor.document.$.body.innerHTML);
+                },100);
+            };
+
+            editor.on('contentDom', function () {
+                // For Firefox
+                editor.document.on('drop', chkImg);
+                // For IE
+                editor.document.getBody().on('drop', chkImg);
+            });
+
+            editor.on('paste', function(e) {
+                var html = e.data.dataValue;
+                if (!html) { return; }
+                e.data.dataValue = replaceImgText(html);
+            });
+
+        }
+    });
+})();
diff --git a/www/pad/inner.js b/www/pad/inner.js
index 43d49a4d9..661a0ed05 100644
--- a/www/pad/inner.js
+++ b/www/pad/inner.js
@@ -740,6 +740,7 @@ define([
                     '.cke_body_width body > *:first-child { margin-top: 0; }';
                 Ckeditor.addCss(newCss);
                 Ckeditor.plugins.addExternal('mediatag','/pad/', 'mediatag-plugin.js');
+                Ckeditor.plugins.addExternal('blockbase64','/pad/', 'disable-base64.js');
                 module.ckeditor = editor = Ckeditor.replace('editor1', {
                     customConfig: '/customize/ckeditor-config.js',
                 });
diff --git a/www/pad/mediatag-plugin.js b/www/pad/mediatag-plugin.js
index fe6b04703..61d7ccdd5 100644
--- a/www/pad/mediatag-plugin.js
+++ b/www/pad/mediatag-plugin.js
@@ -1,12 +1,3 @@
-/**
- * @license Copyright (c) 2003-2017, CKSource - Frederico Knabben. All rights reserved.
- * For licensing, see LICENSE.md or http://ckeditor.com/license
- */
-
-/**
- * @fileOverview The Image plugin.
- */
-
 ( function() {
 
     CKEDITOR.plugins.add( 'mediatag', {