Update whitelist for TinyMCE

resource/tinymce/note.html

@@ -31,6 +31,50 @@
 		link_assume_external_targets: true,
 		nonbreaking_force_tab: 4,
 		
+		// More restrictive version of default set, with JS/etc. removed
+		valid_elements: "@[id|class|style|title|dir<ltr?rtl|lang|xml::lang],"
+			+ "a[rel|rev|charset|hreflang|tabindex|accesskey|type|name|href|target|title|class],"
+			+ "strong/b,"
+			+ "em/i,"
+			+ "strike,"
+			+ "u,"
+			+ "#p,"
+			+ "-ol[type|compact],"
+			+ "-ul[type|compact],"
+			+ "-li,"
+			+ "br,"
+			+ "img[longdesc|usemap|src|border|alt=|title|hspace|vspace|width|height|align],"
+			+ "-sub,-sup,"
+			+ "-blockquote[cite],"
+			+ "-table[border=0|cellspacing|cellpadding|width|frame|rules|height|align|summary|bgcolor|background|bordercolor],"
+			+ "-tr[rowspan|width|height|align|valign|bgcolor|background|bordercolor],"
+			+ "tbody,thead,tfoot,"
+			+ "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor|scope],"
+			+ "#th[colspan|rowspan|width|height|align|valign|scope],"
+			+ "caption,"
+			+ "-div,"
+			+ "-span,"
+			+ "-code,"
+			+ "-pre,"
+			+ "address,"
+			+ "-h1,-h2,-h3,-h4,-h5,-h6,"
+			+ "hr[size|noshade],"
+			+ "-font[face|size|color],"
+			+ "dd,dl,dt,"
+			+ "cite,"
+			+ "abbr,"
+			+ "acronym,"
+			+ "del[datetime|cite],ins[datetime|cite],"
+			+ "bdo,"
+			+ "col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|valign|width],"
+			+ "dfn,"
+			+ "kbd,"
+			+ "label[for],"
+			+ "legend,"
+			+ "q[cite],"
+			+ "samp,"
+			+ "var,",
+		
 		target_list: false,
 		
 		setup: function (editor) {

resource/tinymce/noteview.html

@@ -28,24 +28,47 @@
 		
 		// More restrictive version of default set, with JS/etc. removed
 		valid_elements: "@[id|class|style|title|dir<ltr?rtl|lang|xml::lang],"
-			+ "a[rel|rev|charset|hreflang|tabindex|accesskey|type|"
-			+ "name|href|target|title|class],strong/b,em/i,strike,u,"
-			+ "#p,-ol[type|compact],-ul[type|compact],-li,br,img[longdesc|usemap|"
-			+ "src|border|alt=|title|hspace|vspace|width|height|align],-sub,-sup,"
-			+ "-blockquote[cite],-table[border=0|cellspacing|cellpadding|width|frame|rules|"
-			+ "height|align|summary|bgcolor|background|bordercolor],-tr[rowspan|width|"
-			+ "height|align|valign|bgcolor|background|bordercolor],tbody,thead,tfoot,"
-			+ "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor"
-			+ "|scope],#th[colspan|rowspan|width|height|align|valign|scope],caption,-div,"
-			+ "-span,-code,-pre,address,-h1,-h2,-h3,-h4,-h5,-h6,hr[size|noshade],-font[face"
-			+ "|size|color],dd,dl,dt,cite,abbr,acronym,del[datetime|cite],ins[datetime|cite],"
-			+ "object[classid|width|height|codebase|type],param[name|value|_value],"
-			+ "map[name],area[shape|coords|href|alt|target],bdo,"
-			+ "button,col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|"
-			+ "valign|width],dfn,fieldset,"
-			+ "kbd,label[for],legend,optgroup[label|disabled],option[disabled|label|selected|value],"
-			+ "q[cite],samp,select[disabled|multiple|name|size],small,"
-			+ "textarea[cols|rows|disabled|name|readonly],tt,var,big"
+			+ "a[rel|rev|charset|hreflang|tabindex|accesskey|type|name|href|target|title|class],"
+			+ "strong/b,"
+			+ "em/i,"
+			+ "strike,"
+			+ "u,"
+			+ "#p,"
+			+ "-ol[type|compact],"
+			+ "-ul[type|compact],"
+			+ "-li,"
+			+ "br,"
+			+ "img[longdesc|usemap|src|border|alt=|title|hspace|vspace|width|height|align],"
+			+ "-sub,-sup,"
+			+ "-blockquote[cite],"
+			+ "-table[border=0|cellspacing|cellpadding|width|frame|rules|height|align|summary|bgcolor|background|bordercolor],"
+			+ "-tr[rowspan|width|height|align|valign|bgcolor|background|bordercolor],"
+			+ "tbody,thead,tfoot,"
+			+ "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor|scope],"
+			+ "#th[colspan|rowspan|width|height|align|valign|scope],"
+			+ "caption,"
+			+ "-div,"
+			+ "-span,"
+			+ "-code,"
+			+ "-pre,"
+			+ "address,"
+			+ "-h1,-h2,-h3,-h4,-h5,-h6,"
+			+ "hr[size|noshade],"
+			+ "-font[face|size|color],"
+			+ "dd,dl,dt,"
+			+ "cite,"
+			+ "abbr,"
+			+ "acronym,"
+			+ "del[datetime|cite],ins[datetime|cite],"
+			+ "bdo,"
+			+ "col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|valign|width],"
+			+ "dfn,"
+			+ "kbd,"
+			+ "label[for],"
+			+ "legend,"
+			+ "q[cite],"
+			+ "samp,"
+			+ "var,"
 	});
 	tinyMCE.execCommand("mceAddEditor", true, "tinymce");
 </script>