Viral Solani

Reputation: 840

TinyMCE is not preventing invalid elements

I'm using tinyMCE 4.3.2 and I’ve initialized tinyMCE as mentioned below.

tinymce.init({
    selector: '#modal-content .tinymce',
    theme: 'modern',
    external_plugins: {
        'lists': '/assets/js/tinymce/plugins/lists/plugin.min.js',
        'link': '/assets/js/tinymce/plugins/link/plugin.min.js',
        'charmap': '/assets/js/tinymce/plugins/charmap/plugin.min.js',
        'hr': '/assets/js/tinymce/plugins/hr/plugin.min.js',
        'searchreplace': '/assets/js/tinymce/plugins/searchreplace/plugin.min.js',
        'paste': '/assets/js/tinymce/plugins/paste/plugin.min.js',
        'wordcount': '/assets/js/tinymce/plugins/wordcount/plugin.min.js',
        'visualblocks': '/assets/js/tinymce/plugins/visualblocks/plugin.min.js',
        'visualchars': '/assets/js/tinymce/plugins/visualchars/plugin.min.js',
        'code': '/assets/js/tinymce/plugins/code/plugin.min.js',
        'table': '/assets/js/tinymce/plugins/table/plugin.min.js',
        'contextmenu': '/assets/js/tinymce/plugins/contextmenu/plugin.min.js'
    },
    toolbar1: "undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link code",
    valid_elements: 'a[*],p[*],ul[*],li[*]',
    invalid_elements: "script,object,embed,link,style,form,input,iframe",
    relative_urls: true,
    remove_script_host: true
});

When I'm trying to take the value in JavaScript, it is not preventing invalid elements. It is taking iframe, script and all other invalid elements. But it is working fine in PHP when the form is submitted and when I'm getting the data in POST.

I'm trying to take the value of the editor in the ways mentioned below, but it is not working.

tinymce.triggerSave();
tinyMCE.get('editor').getContent({format : 'text'})
tinyMCE.get('editor').getContent({format : 'raw'})

I want a way to prevent invalid elements before I send the value to the server through Ajax. Let me know if there is a best possible way to prevent invalid elements.

Upvotes: 2

Views: 2346

Answers (1)

Thariama

Reputation: 50840

What you are doing here is adding the string '<iframe src="google.com"></iframe>' to the editor content, but this is not a DOM element and therefore won't get removed by tinymce. Everything is as it should be.

Upvotes: 1
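The distinction drawn in the answer, as an added example that is not part of the original question or answer: markup typed into the editor is a text node, so the `text` format hands it back verbatim while the default `html` format returns it entity-encoded, and a pre-submit check can confirm that only allowlisted elements remain. `typedTextEditor` is a constructed stand-in that models only `getContent()` for typed text; `escapeText`, `disallowedElements` and `contentForSubmit` are hypothetical helper names.

```javascript
// Added example: names and sample data are constructed, not from the post.
const ALLOWED = new Set(['a', 'p', 'ul', 'li']); // mirrors valid_elements above

// Encode text the way an HTML serializer encodes a text node.
function escapeText(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Constructed stand-in for an editor in which the user TYPED markup as text.
// Simplified model of getContent(): 'text' returns the characters as typed,
// while 'html' (the default) and 'raw' return markup with the text encoded.
function typedTextEditor(typed) {
  return {
    getContent(opts) {
      const format = (opts && opts.format) || 'html';
      return format === 'text' ? typed : '<p>' + escapeText(typed) + '</p>';
    }
  };
}

// List element names in `html` that are off the allowlist. Deliberately
// conservative: every "<name" or "</name" counts, so it errs toward
// over-reporting. It is a pre-submit check, not a sanitizer.
function disallowedElements(html) {
  const found = new Set();
  const tagStart = /<\/?([a-zA-Z][^\s\/>]*)/g;
  let match;
  while ((match = tagStart.exec(html)) !== null) {
    const name = match[1].toLowerCase();
    if (!ALLOWED.has(name)) found.add(name);
  }
  return [...found].sort();
}

// Take the serialized HTML and refuse to build the Ajax body if anything
// off the allowlist is present.
function contentForSubmit(editor) {
  const html = editor.getContent(); // default format, not 'raw' or 'text'
  const bad = disallowedElements(html);
  if (bad.length > 0) throw new Error('disallowed elements: ' + bad.join(', '));
  return html;
}

const editor = typedTextEditor('<iframe src="google.com"></iframe>');
console.log(contentForSubmit(editor));
console.log(disallowedElements(editor.getContent({ format: 'text' })));
```

With a real editor, `tinymce.get('editor')` would take the place of the stand-in. The PHP-side filtering mentioned in the question remains the control that counts, because the Ajax request can be sent without going through the editor.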
