django-tinymce changes relative urls - javascript

tinymce to manage my contents. it's ok, works but there is a small thing that i a curious to know is that why tinymce changes urls by it's own. for example:
i put a link and using url like /post/post1
but whenever i check my url, tinymce makes it like: ../../../../../post/post1
however, it's ok and does not break my link, but that feels bad to see!
this also happens for images
Django:3.2.12
django-tinymce: 3.4.0
tinymce (by it's own): TinyMCE 5.10.1

Try adding to tinymce.init - convert_urls: false

Related

How to make a read-only tinyMCE editor writetable again

I want to make some TinyMCE text editors on a page temporarily readonly.
I understand this technically possible using:
tinymce.get('id').getBody().setAttribute('contenteditable', false);
then we can re-enable them with:
tinymce.get('id').getBody().setAttribute('contenteditable', true);
However, I've found that using:
tinymce.get('id').setMode('readonly');
suits the needs of my project better when disabling as it makes the the whole textarea appear and become disabled.
My problem is that I can't then remove the setMode('readonly'), or find out what I should "re-set" the mode to.
I've tried:
tinymce.get('id').setMode('readonly', 0);
for example. But nothing seems to work.
TIA.
When you use the setMode() API you can pass one of two string values to switch the mode:
readonly
design
For example: tinymce.get('content').setMode('design');. Here is a running example of toggling between the modes:
http://fiddle.tinymce.com/Gdhaab
The documentation for this can be found here: https://www.tiny.cloud/docs/api/tinymce/tinymce.editormode/#set

TinyMCE appends links to the current URL

I'm running into this weird issue with TinyMCE where selecting a text and adding a link to it without "http://" will cause the new link to append to the current URL.
Example (assume my website is www.example.com):
Now under my settings "click" will link to "www.example.com/linkexample.com". I need it to link to "http://linkexample.com" instead, without manually adding "http://" in the "Url" field in the popup.
I've been trying different solutions online but nothing seemed to work for me.
Here is the list of solutions I've tried so far, none worked for me:
TinyMCE: How to prepend 'http://' to URL if it's not there
All examples from : http://www.tinymce.com/tryit/url_conversion.php
P.S. I'm running the latest TinyMCE 4.1.7
I'm done to try this one. it's worked for me (tell me if this thing
worked for you)
Go to link plugin on tinymce (tinymce/plugins/link)
Edit this file plugin.min.js (tinymce/plugins/link/plugin.min.js)
Find www using Ctrl+F in your editor like Notepad++ or Sublime Text
You will get this code /^\s*www\./i delete www\.
Now your code become /^\s*i
Now Save it. Done
Refresh your code using TinyMCE.
Now try use linkexample.com, You will get notification to add prefix http://
Done. I hope help you out.
In version 4.x this functionality is built in. But unfortunately it's not mentioned in the documentation, it's only documented in the changelog so I would imagine this is widely unknown.
$('textarea').tinymce({
...
link_assume_external_targets: true
...
});
I actually replaced this code:
/^\s*www./i.test(e)
with
!(/^\s*(http://|https://)/i.test(e))

Broken link - "/a" in JQuery 1.9 Js file

When we had done security audit of our project, we got broken Link "/a" vulnerability.
After searching for link throughout project we found link in JQuery-1.9.js java-script file that we are using in our project.
small part of code in that JQuery-1.9.js -
// Make sure that URLs aren't manipulated
// (IE normalizes it by default)
hrefNormalized: a.getAttribute("href") === "/a",
As per my understanding this code part helps for making it(JQuery) compatible with IE 6/7/8.
hrefNormalized is used to check that anchor tag is giving href value as full URL or exact href , which is issue in IE version.
The better explanation of this part is given in
https://www.inkling.com/read/jquery-cookbook-cody-lindley-1st/chapter-4/recipe-4-1
I want to remove this vulnerability but i don't want to remove or change code in JQuery js file.
So, My question is why did not JQuery designers used "/#" instead of "/a" .What is the problem of using "/#" in that code.
Earlier same question is asked by someone to JQuery Team,but they told that it not the problem from Jquery.
For reference of that ticket
http://bugs.jquery.com/ticket/10149
Help me to solve Or Is there another solution?
Thank you
This is not a vulnerability but a false positive. The security scanner interprets the "/a" string as a link, which it is not.
Even if jQuery creates the link in the DOM, it's not clickable or visible to the user. Your website does not actually have a real link to /a anywhere.
I would ignore the problem without changing anything.
Maybe, if you want this hrefNormalized: a.getAttribute("href") === "/a", to be transformed into this hrefNormalized: a.getAttribute("href") === "/#", but you don't want to touch the jQuery file.
Put that second one in a script in a an order so that the browser reads your script after reading the jQuery file, so it mashes.
Anyway, I never had issues with jQuery before, check your code first.
If you don't want to have your views with scripts, put it in a js file and link this file to your view after the jQuery file.
Hope it helped you, or at least gave you some ideas to solve your problem. Good luck, let us know how it goes! ;)
EDIT:
<script src="~/JQuery/jquery-2.0.3.js"></script>
<script src="~/Scripts/Fix.js"></script>
If you do something like this, the browser reads first the jQuery, then it reads the Fix.js. Inside the Fix.js, you put the function or paramater you want to change from the jQuery.
So the Browser will get the latest one it reads if they are equal.
For example:
function whatever (){ //This in jQuery file
//things #1
}
function whatever (){ //This in Fix file
//Different things #2
}
This way the browser chooses the Fix.js one, because was the last he read.

TinyMCE - how do you use onClick instead of <a href=""> for links?

Is there a way to change the defalt behaviour of TimyMCE, so that when you insert a link, it renders something like this:
<span onclick="window.open('http://google.com', '_blank', 'location=yes');"></span>
instead of
Ideally, I would like this to be done by the Link button, but it could be done onSubmit.
ADDED:
The reason for doing this (as I know it seems like bad practice) is to be able to port to PhoneGap (using the InAppBrowser plugin), as is not intended for browser use.
Overlooking that this really isn't a good practice, I will assume you have a valid use case for wanting to do such black magic.
But before, a few things to consider:
I would advise you to keep links as links while working in TinyMCE. That way, your users will be able to insert and edit them as usual. Changing them to span elements inside the editor will practically eliminate the ability to edit them without editing the full source. You should probably convert them to span elements outside the editor.
If you're the stubborn type and don't care about #1 or your users, you should note that the default TinyMCE 4 configuration doesn't allow onclick attributes, so you'll need to update extended_valid_elements, otherwise they will be removed during the cleanup process.
There is probably a better way to do what you're trying to do. As #Vic suggested, an event listener would probably be a better option.
Nevertheless, I will humor you. Below is an overview of the process with a working example.
Overview
If you are developing with TinyMCE 3.x, you'll want to tap into the onSaveContent event. If you are using 4.x, use the saveContent event. In both cases, the concept is the same.
This event gets fired whenever the content of the editor is "saved". This happens automatically if TinyMCE is submitted as part of a form, but you can also use tinymce.triggerSave() to force it on all editors at once.
So, simply setup your callback function to replace all links with the evil span alternative. You can use pure JS or TinyMCE's built-in DOM utilities (probably only a good idea if you're already familiar with them), but for clarity (and sanity) it's much easier with jQuery.
Working Example
TinyMCE Fiddle: http://fiddle.tinymce.com/mAdaab/1
This example uses TinyMCE 4
Open your browser's console to see the output
After TinyMCE loads, press the Save button
The resulting HTML will appear in your console
Do with it what you wish, but remember that there probably is a better way.
What you are proposing is a really bad practice (as in not using anchor tags for links) wouldnt it be easier to actually give your link an id or class and attach event listener with javascript and on click prevent default behavour grab the href attribute and use your window.open?

How to disable TinyMCE confirm dialog

Does anyone know how to disable TinyMCE alerts, and confirms. The confirm in talking about says:
This page is asking you to confirm
that you want to leave - data you have
entered may not be saved Leave Page -
Stay on Page
I've written my own stuff that detects if the page data has been change so I don;t want TinyMCE to worry. I found the function in the TinyMCE source so I'm about to overwrite it but I want to know if anyone knows a better way to accomplish this.
Thanks.
To remove the message, just disable the autosave plugin, that's what adds the onunload prompt.
Simply don't load the plugin in your TinyMCE initialization script.
As per a request I'm adding this here to show my solution which has worked great:
My solution thanks to a link provided by Madmartigan, on the TinyMCE forum. Getting rid of the autosave plugin did not work, I ended up writing this:
window.onbeforeunload = function() {};
And it got rid of the popup. Looks like it could be a bug with TinyMCE, since the init code I have I copied off their demo.
I set it as a param when initializing (autosave_ask_before_unload):
tinymce.init({
mode: 'textareas',
menubar: false,
statusbar: false,
language: 'sv_SE',
autosave_ask_before_unload: false,
...
If the problem you're having is just that the content isn't actually dirty, maybe because you replaced it programmatically, you can explicitly mark the editor as not dirty like this:
tinyMCE.activeEditor.isNotDirty = true
Neither of the above answers worked for me with Joomla 3.3.2 and JCE 2.5.11. Although this did work:
Inside the file -
components/com_jce/editor/tiny_mce/plugins/autosave/editor_plugin.js,
I changed
editor.getParam("autosave_ask_before_unload",TRUE)
to
editor.getParam("autosave_ask_before_unload",FALSE)
Apparently on autosave unload, it prompts the confirm box. This disables the unload confirm completely. From what I tested, it worked in IE, Chrome, and FF.

Categories