Some people post the HTML of a blog post that they want to share on our site. However, iframes are not permitted on our site, so I want to check that none were entered into the TinyMCE editor.
I am running a validation JavaScript on submission and it has the following code:
if (ErrorFound == 0)
{
    if (tinyMCE.get("entryText").getContent().indexOf("<iframe") != -1)
    {
        alert("iframes are not accepted on this site as they can be used maliciously, please remove the offending code.");
        document.frmBlogEntry.entryText.focus();
        ErrorFound = ErrorFound + 1;
    }
}
What am I doing wrong? When this is executed it is ignored. It must be something obvious that I am missing.
Would really appreciate your help.
Many thanks in advance,
Paul
By default the TinyMCE editor cleans the output from the editor. This link shows the default list of elements allowed:
http://www.tinymce.com/wiki.php/Configuration:valid_elements
The iframe tag is not on that list of valid elements (the default one). I would suggest that it's being removed by the editor itself.
I solved it by assigning getContent() to a variable first and then checking the indexOf; it was just a JavaScript problem, nothing related to TinyMCE. Many thanks.
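A more tolerant version of the check from the question, as an added example that is not part of the original thread: it matches `iframe` tags in any letter case and also markup that arrives entity-escaped (`&lt;iframe`), which is how a WYSIWYG editor stores tags typed into the visual view. The function names and sample inputs are constructed; the code has no browser dependency, so the same check can be enforced on the server, where a client-side alert cannot be skipped.

```javascript
// Added example; names and sample inputs are constructed for illustration.
const NAMED_ENTITIES = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"']]);

// Decode one level of the entities that can hide markup as text.
function decodeBasicEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') {
      const key = body.toLowerCase();
      return NAMED_ENTITIES.has(key) ? NAMED_ENTITIES.get(key) : match;
    }
    const isHex = body[1].toLowerCase() === 'x';
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Return the sorted, lower-cased names of disallowed elements found in `html`,
// either as real tags or as entity-escaped text.
function findDisallowedTags(html, disallowed = ['iframe']) {
  const banned = new Set(disallowed.map((name) => name.toLowerCase()));
  const found = new Set();
  // "<" or "</", a tag name, then whitespace, "/", ">" or end of input.
  const tagStart = /<\/?([a-z][a-z0-9-]*)(?=[\s/>]|$)/gi;
  for (const source of [html, decodeBasicEntities(html)]) {
    for (const match of source.matchAll(tagStart)) {
      const name = match[1].toLowerCase();
      if (banned.has(name)) found.add(name);
    }
  }
  return [...found].sort();
}

// Drop-in for the validation in the question (browser side):
//   if (findDisallowedTags(tinyMCE.get("entryText").getContent()).length) { ... }
```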
I have a "catalog" which is basically a (Divi) image gallery, where the prices are hidden for not-logged on users. The price is the image caption which is hidden on every page with CSS. However (of course) the element (price) is still in the source code which is not the intention, because it may only be seen by logged in clients.
The caption is hidden with this code:
.et_pb_gallery_caption {visibility:hidden;}
I've tried to add this javascript to completely remove the element from the source code:
if ( $(element).css('visibility') == 'hidden' ){
    $(element).remove();
}
But that doesn't do the trick. Hopefully someone can help me.
Thanks in advance!
<?php if($userLoggedIn){ ?>
    <caption>$9.99</caption>
<?php } ?>
As a commenter mentioned, you need to do this server side so the HTML sent over to the browser does not include your price.
Please note: I made up the name for the logged-in check; you need to search for the proper variable in your WordPress install that represents different user logins and their types.
It is an ambiguous question without a source code snippet. Btw, if you are trying to remove the element whose visibility is set to hidden, you can use the following jQuery code to remove it from the DOM:
$(document).ready(function(){
    $(".et_pb_gallery_caption").remove();
});
However, one can better comment if you show some code snippet.
I have a link with an inline attribute of style="color: #FF0000;". I recently upgraded to latest CKEditor, after years of neglect. Now when I call CKEDITOR.inline, it strips all the links.
I found http://docs.ckeditor.com/#!/api/CKEDITOR.dtd-property-S-editable, which doesn't have an a in there.
I did CKEDITOR.dtd.$editable.a = 1; and it still strips links. What am I missing here? I literally followed the flow from the API inline call to that, but it seems that I'm doing something wrong.
EDIT
I also find that it is removing the class attribute from elements. Everything else seems okay.
Check out the guide about content filtering (ACF) in CKEditor. See also the working sample in CKEditor SDK which shows how ACF works in the default automatic mode and how to adjust it (which is what you need to do in your case).
try this:
CKEDITOR.config.allowedContent = true;
CKEDITOR.dtd.$removeEmpty['a'] = false;
CKEDITOR.config.extraAllowedContent = 'a[!href];' + '#';
CKEDITOR.config.protectedSource.push(/<a[^>]*><\/a>/g);
CKEDITOR.config.protectedSource.push(/<span*?[\s\S]*?\/span>/g);
I have a view in an MVC web application that produces and presents a list of countries and the name of their capital cities. Whenever the view loads, if the results presented to the user contain the words 'Australia' one or more times, then I want a message to appear at the bottom of the screen that says 'Australia is included in the results'. I have used the following script, but the message appears whether or not Australia is in the results. Does anyone have any suggestions?
<script type='text/javascript'>
    if (
        (
            document.documentElement.textContent || document.documentElement.innerText
        ).indexOf('Australia') > -1
    ) {
        alert("Australia is included in the results");
    }
</script>
Thanks in advance
Your code looks sensible, so I suspect that the problem is that it is finding the string "Australia" in the code itself!
Try putting this script outside of the page contents (in a separate .js file) and see if the problem persists.
Maybe ;-)
I think only this condition might suffice:
if (document.documentElement.innerText.indexOf('Australia') > -1) {
    alert("Australia is included in the results");
}
http://jsfiddle.net/3gkzC/2/
This is actually an answer for your follow up question about using HTML instead of an alert (I can't post comments, so had to do it this way, sorry.)
What you want is document.getElementById("element_ID").innerHTML = "whatever";
See here: http://jsfiddle.net/UVU8w/
I have been using CKEditor for some time and it has worked great. I've pretty much gotten rid of any problems that I've had, but this one I can't seem to figure out. When I add inline attributes to elements, for instance style = "color: #ff0;" on a <p></p> tag, they are stripped out when I switch from WYSIWYG to source view. No saving or submission is done, and CKEditor has been added to my site, which is my own script. Any ideas as to what would cause this? All of the search results I can find correspond to this happening in Drupal, but Drupal seems to be the problem, not the editor, in all instances. Thanks again!
It feels like you're using CKEditor 4.1+ that comes with Advanced Content Filter (ACF). If so, you need to specify config.allowedContent and configure it to get your things working. You may also be interested in config.extraAllowedContent.
See this answer for more details.
For anyone looking for a simple sample on how to enable additional markup in CKEditor without disabling ACF completely, here is a short snippet:
CKEDITOR.replace( 'editor1', {
    extraAllowedContent: 'style;*[id,rel](*){*}'
} );
extraAllowedContent here enables the <style> element, allows two additional attributes (in square brackets) for all (* is a wildcard) already allowed elements, allows usage of any class names (*) for them and allows usage of any inline styles {*}
Hi, you can stop ACF easily. By default your configuration is:
function ckeditor($name,$value='',$height=300){
return '<textarea name="'.addslashes($name).'">'.htmlspecialchars($value).'</textarea>
<script>$(function(){CKEDITOR.replace("'.addslashes($name).'",{});});</script>';
}
just add this in the curly brackets:
allowedContent: true
now your configuration will be:
function ckeditor($name,$value='',$height=300){
return '<textarea name="'.addslashes($name).'">'.htmlspecialchars($value).'</textarea>
<script>$(function(){CKEDITOR.replace("'.addslashes($name).'",{allowedContent: true});});</script>';
}
I faced the same issue and below answer solved my problem:
config.allowedContent = true;
config.extraAllowedContent = '*(*);*{*}';
config.extraAllowedContent = 'span;ul;li;table;td;style;*[id];*(*);*{*}';
I had the same problem, that ck was stripping not only some attributes, but whole elements when pasting a block element, inside a block element (div with some attributes pasted inside a p) while using this method:
editor.insertHtml(html);
what solved the problem was using this workaround instead:
editor.insertElement(CKEDITOR.dom.element.createFromHtml(html));
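An added example, not CKEditor's own code and not from any of the answers: a small audit that reads the ACF settings quoted in this thread and lists what each one lets through, since `allowedContent: true` switches the filter off entirely. The function names, the watched-element list and the narrow `a[!href]{color}(external)` rule are assumptions made for illustration, and the parser covers only the simple string form of the rules shown here.

```javascript
// Added example (not CKEditor code): list what an ACF configuration lets through.
// Simplified reading of the rule strings quoted in this thread:
//   elements [attributes]{styles}(classes), rules separated by ';'
const WATCHED_ELEMENTS = ['script', 'style', 'iframe']; // assumption: site policy

const splitList = (text, separator) =>
  text.split(separator).map((part) => part.trim()).filter(Boolean);

function parseAcfRules(ruleString) {
  return splitList(ruleString, ';').map((rule) => {
    const group = (pattern) => {
      const match = rule.match(pattern);
      return match ? splitList(match[1], ',') : [];
    };
    return {
      elements: splitList(rule.replace(/[\[{(].*$/, ''), /\s+/),
      attributes: group(/\[([^\]]*)\]/),
      styles: group(/\{([^}]*)\}/),
      classes: group(/\(([^)]*)\)/),
    };
  });
}

function auditAcfConfig(config) {
  const findings = [];
  if (config.allowedContent === true) findings.push('filter disabled');
  const ruleStrings = [config.allowedContent, config.extraAllowedContent]
    .filter((value) => typeof value === 'string');
  for (const rule of ruleStrings.flatMap(parseAcfRules)) {
    const who = rule.elements.join(' ');
    for (const name of rule.elements) {
      if (WATCHED_ELEMENTS.includes(name.toLowerCase())) {
        findings.push(`${name}: watched element allowed`);
      }
    }
    if (rule.attributes.includes('*')) findings.push(`${who}: any attribute`);
    if (rule.styles.includes('*')) findings.push(`${who}: any inline style`);
    if (rule.classes.includes('*')) findings.push(`${who}: any class`);
  }
  return findings;
}

// Settings quoted in the answers above, plus one constructed narrow rule.
const FILTER_OFF = { allowedContent: true,
  extraAllowedContent: 'span;ul;li;table;td;style;*[id];*(*);*{*}' };
const WIDE_EXTRA = { extraAllowedContent: 'style;*[id,rel](*){*}' };
const NARROW_LINK = { extraAllowedContent: 'a[!href]{color}(external)' }; // constructed
```

An empty result for `NARROW_LINK` shows a rule that keeps a link's `href`, its `color` style and one class without opening wildcards for every element.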
Please excuse my ignorance; I am not very familiar with JavaScript and have been tasked with repairing a bug by a developer no longer at the company.
The onclick works perfectly in Firefox; however, in IE 7 & 8 (the only ones we test for), it appears to run through the onclick functions properly, then instead of the data being submitted to the form URL in goStep3(), it runs through every onclick on the page with href="#", then finally submits with incorrect information as the variable has been overwritten 50 times.
view
EDIT:
When I run trackSponsor(62, 64265); goStep3(1896, 64265, 0); return false; in the Developer Tools in IE8 I get an error of returning false outside of a function....removing that it works just fine.
Is the line that I believe is causing the problems?
trackSponsor() is working properly and returns false
goStep3() is quite a large function however it works by retrieving values from 4 other functions within, assigning the values to a URL within theAction
It completes the function by EDIT:
var yr = $("#find-yr").attr('value');
var me = $("#find-me").attr('value');
var mo = $("#find-mo").attr('value');
var keywords = $("#find-keywords").attr('value');
var theAction = PATH_BASE+'find/step3/'+p_term+'/'+p_id+'/'+p_l_id+'/';
document.forms['FindForm'].action = theAction;
document.FindForm.submit();
return true;
I have tried returning false from this function, as well as changing the document.FindForm.submit() to the 'correct' syntax of document.forms['FindForm'].submit() and it still does not submit until running through all of the other onclick s on the page.
Thanks in advance!
Notes:
jQuery is being used as well.
Javascript is not throwing any errors.
This works fine in FireFox
I can see it going through all of the other functions in the other onclicks using Developer Tools and stepping through the page it does not submit the results of goStep3 until it has gone through all of the other onclick functions on the page.
"posting my earlier comment as an answer"
I see a lot of jQuery being used with attribute selectors, so plz check the code against those.
EDIT:
I noticed you're unfamiliar with JavaScript... so in case you didn't know, a jQuery selector will select all tags matching a certain "selector-filter" and perform a certain action on them... so if there is a selector that selects all A tags with an href attribute (or maybe another common attribute between them...) then that would be the cause of your problem.
EDIT: -after you posted your answer -
Glad you found an answer...
though it is a little weird,
because according to your question it goes through "every element with href="#" ...
However, according to MSDN, event bubbling simply passes these unhandled events to the parent element for handling, not through "similar" tags :)
Oh well... nothing is logical when it comes to IE.
I would start by removing "return false;" from the onClick event since it really isn't doing anything.
try changing
href="#"
with
href='javascript:void(0)' .
I can't say for sure where things are going wrong, but I discourage using a form's name attribute to reference it like you have done here:
document.forms['FindForm'].action = theAction;
document.FindForm.submit();
Why not try the following jQuery:
$("form[name='FindForm']").attr("action", theAction);
$("form[name='FindForm']").trigger("submit");
You should also check that $("form[name='FindForm']") is indeed referencing the desired form element.
The problem was caused by how IE uses the bubble! Thanks all for your help, I have included the code solution to be placed in goStep3().
var browserName = navigator.appName;
if (browserName == "Microsoft Internet Explorer") {
    window.event.cancelBubble = true;
}