Reputation: 401
Prevent PyroCMS stripping inline styles from WYSIWYG content?
I've noticed a problem when inserting an uploaded image into a textarea via the WYSIWYG editor (e.g. a page chunk in the Pages module). The alignment on the inserted image is not retained after updating the record.
After a bit of testing I noticed that the alignment on the image is done by adding an inline style to the img tag e.g. style='float:right', however if an 'align=right' attribute is manually added instead, this is retained after saving to the database.
My assumption is therefore that Pyro is stripping inline styles from WYSIWYG content. Is there a way to prevent this?
Upvotes: 2
Views: 1030
Answers (1)
Reputation: 31
This is because XSS filtering is turned on for the module in question.
In the Pyro database there's a table named default_modules (or something else if you have a different site identifier).
In that table there's a column named skip_xss. You can set this to 1 to allow inline styles (and some other, potentially dangerous content) in form input for a given module.
If you're making a custom module, you can add skip_xss => 1 to $info in your details.php file to start with XSS filtering turned off.
Upvotes: 3
Related Questions
- How to disable pasting inline styles on CKEditor?
- How to add wysiwyg editor in pyrocms module
- CKEditor removing inline CSS
- How can I change the default editor options for PyroCMS?
- PyroCMS CKEditor Formatted Text Type Issues
- PyroCMS - Add WYSIWYG editor in frontend
- How to add wysiwyg editor in "HTML" pyrocms widget
- How to prevent CKEditor insertHtml to wrap element within <p> in webkit browsers?
- Removing external styles from jQuery WYSIWYG editor in PHP
- CKEditor "protects" me from inline stylesheets