CODEWITHSUNDEEP
javascriptcsstinymce
bob
bob

Reputation: 49

problems with tinymce style

i don't sure why but tinymce delete all

<style>
...
</style>

info in the textarea

what can i do? 10x

Upvotes: 0

Views: 510

Answers (3)

sajendra
sajendra

Reputation: 437

If you’re using WYSIWYG TinyMCE or CKEditor and framework CodeIgniter version >2.0, you can have problem with dissapearing style attribute.

You set style like and after submitting the form you get .

Where the hell is style=”” ?

Probably you have this option enable in config.php file :

$config['global_xss_filtering'] = TRUE;

After disabling global filtering , WYSIWYG do not lose styles.

Personally, I did not want to disable this feature so I made a workaround ;o)

Edited based on Bart’s suggestion to not mess with core files ;o)

This security was added for some reason, so to not get rid it completly I created array that store the addresses to which the tag style is not to be removed.

You need to create MY_Security.php file as extension for core Security class and add modified function _remove_evil_attributes.

protected function _remove_evil_attributes($str, $is_image){
  // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
  $allowed = array("your allowed url's without domain like '/admin/edittext/'");
  if(in_array($_SERVER['REQUEST_URI'],$allowed)){
    $evil_attributes = array('on\w*', 'xmlns');
  }else{
    $evil_attributes = array('on\w*', 'style', 'xmlns');
  }

  if ($is_image === TRUE){
    /*
    * Adobe Photoshop puts XML metadata into JFIF images, 
    * including namespacing, so we have to allow this for images.
    */
    unset($evil_attributes[array_search('xmlns', $evil_attributes)]);
  }

  do {
    $str = preg_replace(
      "#&lt;(/?[^&gt;&lt;]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^&gt;]*?[\"]|[\'][^&gt;]*?[\']|[^&gt;]*?)([\s&gt;&lt;])([&gt;&lt;]*)#i",
      "&lt;$1$6",
      $str, -1, $count
    );
  } while ($count);
  return $str;
}

source: http://blog.codebusters.pl/en/codeigniter-202-tinymce-or-ckeditor-style-attribute-lost-after-update/#comment-543

Upvotes: 0

ajsutton
ajsutton

Reputation: 548

For the record CKEditor isn't a successor to TinyMCE, just a competitor.

You can keep the style tags in the content by specifying 'style' as one of the allowed tags in TinyMCE's validation config. Just add:

extended_valid_elements: "style"

to the config you pass to init.

Upvotes: 1

Pekka
Pekka

Reputation: 449813

<style> tags are not valid in the document's body.

It may be possible to protect them somehow (at least it is in its successor CKEDitor, see here and search for protectedSource), but the primary question should be: Why are they in there?

Upvotes: 0

Related Questions