Loading Profile...
Twitter,
Facebook, or email.
Wygwam deleting javascript tags in content
Wygwam appears to be deleting out javascript tags that I put in my content. Is there a way to disable this behavior? I tried searching the web for any fck settings that might do it without any luck. Below is an example of the type of thing that is being deleted.
-
Hi James,
CKEditor will strip out JavaScript tags for your safety so as not to expose your site to XSS attacks. If you want to allow them (which you probably only be in a very few circumstances), you'll need a bit of regex and you'll want to look at http://docs.cksource.com/ckeditor_api...
Thanks,
BradComment -
-
Hi Brad-
Yes, I understand the need to be careful with something like that. In this case though anyone who has access is a trusted source.
I am not exactly following what I need to do in order to not have javascript tags stripped out. Can you elaborate? -
-
Hi James,
Anything the regex matches in config.protectedSource will not be stripped by CKEditor in the output.
Something like:
<script (.|\n)*>(.|\n)*?</script>
Should match script tags and anything in between them.
Thanks,
Brad -
-
Where would I add that? I don't see protectSource as an option in the "Add an advanced setting..." drop down in the Editor Configurations. Is it an actual file I have to edit? If so, where is it located?
-
-
Hi James,
You’d add that in themes/third_party/wygwam/lib/ckeditor/config.js. -
-
-
-
I tried adding the line below to the CKEDITOR.editorConfig. It still is stripping them out.
config.protectedSource.push( <script (.|\n)*>(.|\n)*?</script> ); -
-
You need to pass it in as a regular expression (you’re missing the forward slashes):
config.protectedSource.push( /<script (.|\n)*>(.|\n)*?</script>/ ); -
-
I'm having a similar issue with JS and Wygwam.
The client is copy/paste in a Wufoo JS embed script within the Wygwam field. The source is fine, but when JS is parsed, the curley brackets within the script are being encoded. Thus breaking the embed script.
Any ideas how to fix this?
'ssl':true}); vs. 'ssl':true}); -
-
Hey Austin,
We released Wygwam 2.4 on Tuesday, which no longer encodes curly brackets. -
-
Great, perfect timing! Thanks Brandon -
-
I upgraded to the latest Wygwam 2.4.0.2 on EE 2.3.1 and applied
config.protectedSource.push( /<script (.|\n)*>(.|\n)*?<config.protectedSource.push( // );#47;script>/ );
to my config.js file again, but now it is deleting out script tags again. Any idea how to fix this? -
-
-
-
-
-
And what are you entering into the field that's getting removed?
-
-
-
-
That regex does match both of your JS examples. So, two possibilities: 1) If you've got more than one <script> tag ,you need to add a 'g' to the end of your regex, right after the last forward slash; and 2) You probably need to clear your browser's cache.
-
-
Hmmm... strange. I had 2 entries that I had updated that had near identical content when I realized that the js had been deleted after the update. Turns out 1 updated just fine while the other had the js deleted. That is what kicked off my issue. I didn't realize that the other updated just fine without having the js deleted. No matter how many things I tried that 1 entry would delete the js. When I realized that the other entry updated just fine I copied the source from that entry into the misbehaving entry and incredibly the js wasn't deleted. Could there perhaps been some sort of issue with the html structure that was causing the js to be deleted? Seems like some fishy was going on... but I'm not sure what.
Either way, my immediate issue is resolved. -
-
Did the one that wasn't working have just "<script>" rather than "<script type="javascript">" ? Your regex wouldn't work with the former.
-
-
no... they both had the version I put up in pastie... and no matter how many times I pasted just the js to the existing entry it would not save. But once I pasted in the entire contents (html and js) from that other entry, it saved just fine. Pretty peculiar (and frustrating). It is possible there were minor html differences between the two entries, but that was it.
-
-
Hmm, very weird.
-
EMPLOYEE
EMPLOYEE
