How can I configure Tinymce so that it doesn't strip javascript code?

Question

I’ve inherited an old website after the previous developer passed away. Foolish perhaps but they are good people doing good things in our community so I offered to help.

The site uses an old version of Tinymce.

I’m trying to update the signup form to use Constant Contact.

The code I’m trying to add is as follows: <script> var _ctct_m = "32ee443d65507d7f14ad26d121f10e50"; </script> <script id="signupScript" src="//static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js" async defer></script>

On posting, the editor modifies the code, stripping the src tag and adding CData tags as below: <script type="text/javascript">// <![CDATA[ var _ctct_m = "32ee443d65507d7f14ad26d121f10e50"; // ]]></script> <script id="signupScript"></script>

Regardless to say; this does not work.

I’ve modified the setting options in the mce_editor.js file; setting ‘cleanup’ to 0, and ‘validate html’ to false. There is a ‘script[src|type’ tag in the valid elements list but the problem persists.

There is another file called mce_serializer.js which has a ‘valid_elements : '[]' setting which looks about right.

The mce_init.js file doesn’t seem to have anything that would cause the editor to strip the code.

I've seen a possible solution at https://stackoverflow.com/questions/28983735/how-can-i-prevent-tinymce-from-adding-cdata-to-script-tags-and-from-commenting but it doesn't explain in which file I should add this code. Perhaps our Tinymce versions differ.

Anyone have any advise on how I can I make this work?

Answer 1

whay show tiny code script?

<div id="29172196670"><script type="text/JavaScript" src="https://www.aparat.com/embed/Q7RTg?data[rnddiv]=29172196670&data[responsive]=yes"></script></div>

Answer 2

It sounds like TinyMCE is aggressively cleaning up your script tags, likely due to its default content filtering settings. Since you've already tried modifying cleanup and validate_html settings without success, let's address the issue by explicitly allowing script tags through TinyMCE's setup.

You can Update TinyMCE Initialization Settings to solve this problem. Modify the TinyMCE initialization script (often found in a file like mce_init.js or directly in the HTML page where TinyMCE is initialized) to include the extended_valid_elements option. This allows you to specify elements that TinyMCE should not clean or remove. In the TinyMCE init configuration, add the following line:

extended_valid_elements: 'script[type|src|id|defer|async]'

This line tells TinyMCE to keep the script tags with the attributes type, src, id, defer, and async. Here's an example of how you might modify the TinyMCE initialization:

tinymce.init({
    selector: 'textarea',  // Change this to your specific selector
    ...
    extended_valid_elements: 'script[type|src|id|defer|async]',
    ...
});

This configuration should prevent TinyMCE from stripping the necessary attributes from your script tags, thus preserving the functionality of your signup form.

Here is the official link of how to use this specific functionality: https://www.tiny.cloud/docs-3x/reference/Configuration3x/Configuration3x@extended_valid_elements/

If this approach does not resolve the issue, you might also want to check if there are any server-side scripts or CMS plugins that could be modifying the content after TinyMCE processes it, especially if the CMS or server framework has additional sanitization or security measures for script tags.