The Joomla! Forum ™



PostPosted: Tue Apr 21, 2009 10:46 pm 
Joomla! Apprentice

Joined: Wed Nov 30, 2005 11:07 pm
Posts: 30
Hi,

I'm using TinyMCE to edit articles on the frontend.
I need to add a link with a popup (<a href="..." onclick=".....">).
For some devilish reason, when I save the article, the onclick function is stripped out.

Does someone know which file analyzes the content of an article before saving it?

And especially, is it done in a JavaScript file or a PHP file? (It seems it is in a PHP file, but I don't know which one or in which function.)

Regards,
and thanks for any help.


PostPosted: Wed Apr 22, 2009 12:06 am
Joomla! Ace

Joined: Sun Nov 04, 2007 1:12 am
Posts: 1369
Location: Brazil
pcollet wrote:
Hi,

I'm using TinyMCE to edit articles on the frontend.
I need to add a link with a popup (<a href="..." onclick=".....">).
For some devilish reason, when I save the article, the onclick function is stripped out.

Does someone know which file analyzes the content of an article before saving it?

And especially, is it done in a JavaScript file or a PHP file? (It seems it is in a PHP file, but I don't know which one or in which function.)

Regards,
and thanks for any help.

Since a few releases ago, Joomla! has a content filtering feature that blacklists (by default) some html tags and attributes, but you can set it to suit your needs.

In the back-end, go to Contents --> Article Manager then click on the "Parameters" button in the toolbar. Scroll all the way down and you'll find the "Filtering Options".

To set it so the super-admin can enter whatever tags and attributes he/she wants, you have to select Super Administrator in the "Group Options", then choose "whitelist" for the "Filter Type".

You can work out what options are best for your site. You can white list every user (choose Public Frontend in the group) or narrow it down as needed. You can also extend the blacklisted tags/attributes by filling the desired ones in the "Filter Tags" and "Filter Attributes" fields.

Hope this helps,

_________________
Airton Torres
Joomla Bug Squad http://groups.google.com/group/joomlabugsquad
Community website - http://community.joomla.org
Unsolicited support PMs will be deleted and the user added to the foes list.


PostPosted: Wed Apr 22, 2009 9:17 am
Joomla! Apprentice

Joined: Wed Nov 30, 2005 11:07 pm
Posts: 30
Thanks for your reply.

If I want to allow 'onclick' attributes inside an href, what should I do?

I've tried to select all users, add tags "ref", add attributes "onclick", and select whitelist.

But now all HTML is stripped out (only text remains).

I'm not sure it is at this step that the "onclick" is filtered out. Do you know which PHP file manages this content filtering? I want to check directly inside the code whether the "onclick" is filtered before.

(I don't have the problem on a standard site, but I have it on a website that uses a lot of symbolic links. So I want to find where my problem is and where it comes from.)

Regards


PostPosted: Wed Apr 22, 2009 8:36 pm
Joomla! Apprentice

Joined: Wed Nov 30, 2005 11:07 pm
Posts: 30
My problem was solved (not the good way, but it works).

Issue:

When I use the "edit/insert link" button of TinyMCE on the front-end to create a popup, it generates an HTML href tag with an onclick event. This event is stripped out when the article is stored in the database.

The "problem" comes from the file filterinput.php (Joomla/libraries/filter), from the function __cleanAttributes, which automatically strips out any attributes beginning with "on".

Temporary solution:

I removed in filterinput.php the condition for this removal.

I don't know if it is good for security reasons, but I think we should have a regular solution for that problem, to fit with TinyMCE, which allows popup creation.


PostPosted: Thu Apr 23, 2009 12:00 am
Joomla! Ace

Joined: Sun Nov 04, 2007 1:12 am
Posts: 1369
Location: Brazil
Hello again,

Did you try to disable the code cleanup in the Editor - TinyMCE 2.0 plugin?

Go to Extensions --> Plugin Manager and edit the "Editor - TinyMCE 2.0" plugin. Then change the "Code Cleanup on Save" option to "Never" or "Front Only" and/or the "Do Not Cleanup HTML Entities" option to "Yes", then save.

Regards,

_________________
Airton Torres
Joomla Bug Squad http://groups.google.com/group/joomlabugsquad
Community website - http://community.joomla.org
Unsolicited support PMs will be deleted and the user added to the foes list.


PostPosted: Thu Apr 23, 2009 9:36 pm
Joomla! Apprentice

Joined: Wed Nov 30, 2005 11:07 pm
Posts: 30
Hi,

It is great to have a guru that follows my issue (thanks for that).

I did not change the default parameters of the TinyMCE plugin.
To my mind, the plugin is not involved in my issue, as when I trace some variables in debug mode, I find that the whole content with the onclick event is well received by the server (var_dump($data)).

I have opened bug tracker item #16110.

To my mind, the issue comes from the conditional test in the cleanAttributes function in JFilterInput, and especially the last part, which blocks any event ('onclick', 'onblur').

"if ((!preg_match('/[a-z]*$/i', $attrSubSet[0])) || (($this->xssAuto)
&& ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) ||
(substr($attrSubSet[0], 0, 2) == 'on')))) "
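
The attribute rule quoted in the post above, as an added example that is not part of the thread and is not Joomla's own code: it applies the blacklist-or-"on"-prefix test to a constructed article body, first as quoted and then with the prefix test removed as in the workaround described earlier in the thread. The function names, the sample blacklist and the sample markup are assumptions made for the illustration.

```php
<?php
// Added illustration, not Joomla's JFilterInput. Function names, the
// blacklist contents and the sample markup are assumptions.

const ATTR_BLACKLIST = ['action', 'background', 'codebase', 'dynsrc', 'lowsrc'];

// Mirrors the xssAuto half of the quoted condition: an attribute is dropped
// if it is blacklisted or its name starts with "on". $onPrefixTest = false
// models the workaround of deleting that last test from the core file.
function attributeIsDropped(string $name, bool $onPrefixTest = true): bool
{
    $name = strtolower($name);
    if (in_array($name, ATTR_BLACKLIST, true)) {
        return true;
    }
    return $onPrefixTest && substr($name, 0, 2) === 'on';
}

// Applies the rule to every element of an HTML fragment and returns the result.
function filterFragment(string $html, bool $onPrefixTest = true): string
{
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc = new DOMDocument();
    // Wrap in a div so the fragment has a single root element.
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    foreach ($doc->getElementsByTagName('*') as $element) {
        // Collect names first: removing while iterating skips attributes.
        $names = [];
        foreach ($element->attributes as $attribute) {
            $names[] = $attribute->nodeName;
        }
        foreach ($names as $name) {
            if (attributeIsDropped($name, $onPrefixTest)) {
                $element->removeAttribute($name);
            }
        }
    }
    return $doc->saveHTML($doc->documentElement);
}

// Constructed article body: the editor's popup link plus a second element
// whose handler the same rule also decides on.
$article = '<a href="/help.html" onclick="window.open(this.href);return false;">Help</a>'
         . '<img src="/logo.png" onmouseover="trackHover()">';

echo filterFragment($article), PHP_EOL;         // rule as quoted: both handlers removed
echo filterFragment($article, false), PHP_EOL;  // prefix test removed: both handlers stored
```

With the prefix test removed, the rule no longer distinguishes the popup link from any other event handler in content submitted through the same filter.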


PostPosted: Thu Apr 23, 2009 9:48 pm
Joomla! Ace

Joined: Sun Nov 04, 2007 1:12 am
Posts: 1369
Location: Brazil
Hi,

Your issue is being taken care of by the JBS.

We'll soon have a final status on that.

Regards,

_________________
Airton Torres
Joomla Bug Squad http://groups.google.com/group/joomlabugsquad
Community website - http://community.joomla.org
Unsolicited support PMs will be deleted and the user added to the foes list.


PostPosted: Tue Jun 16, 2009 7:13 am
Joomla! Apprentice

Joined: Thu Jun 05, 2008 6:26 pm
Posts: 22
airton wrote:
Go to Extensions --> Plugin Manager and edit the "Editor - TinyMCE 2.0" plugin. Then change the "Code Cleanup on Save" option to "Never" or "Front Only" and/or the "Do Not Cleanup HTML Entities" option to "Yes", then save.


Thank you! This helped with an issue for me. :)

_________________
Join the CIA! www.CaninesInAction.com


PostPosted: Wed Aug 26, 2009 11:39 am
Joomla! Apprentice

Joined: Wed Jul 08, 2009 1:38 pm
Posts: 28
airton wrote:
Since a few releases ago, Joomla! has a content filtering feature that blacklists (by default) some html tags and attributes, but you can set it to suit your needs.

In the back-end, go to Contents --> Article Manager then click on the "Parameters" button in the toolbar. Scroll all the way down and you'll find the "Filtering Options".

To set it so the super-admin can enter whatever tags and attributes he/she wants, you have to select Super Administrator in the "Group Options", then choose "whitelist" for the "Filter Type".

You can work out what options are best for your site. You can white list every user (choose Public Frontend in the group) or narrow it down as needed. You can also extend the blacklisted tags/attributes by filling the desired ones in the "Filter Tags" and "Filter Attributes" fields.

Hope this helps,


Does this apply to modules or just articles?


PostPosted: Wed Aug 26, 2009 12:01 pm
Joomla! Ace

Joined: Sun Nov 04, 2007 1:12 am
Posts: 1369
Location: Brazil
Hi ewrwerwer,

This goes only for articles. There are no filtering options for modules, although the editor itself - if used - may have some code cleanup settings that might strip some html tags and attributes.

_________________
Airton Torres
Joomla Bug Squad http://groups.google.com/group/joomlabugsquad
Community website - http://community.joomla.org
Unsolicited support PMs will be deleted and the user added to the foes list.


PostPosted: Wed Aug 26, 2009 12:16 pm
Joomla! Apprentice

Joined: Wed Jul 08, 2009 1:38 pm
Posts: 28
Thanks for the reply Airton!

Do you have any idea where (or what) the best place (or code) to search for might be? The edit form of the module in question does not appear to lead to anything that would strip out HTML, yet it does so! I simply don't know where to look :(


PostPosted: Wed Aug 26, 2009 12:30 pm
Joomla! Ace

Joined: Sun Nov 04, 2007 1:12 am
Posts: 1369
Location: Brazil
ewrwerwer wrote:
Thanks for the reply Airton!

Do you have any idea where (or what) the best place (or code) to search for might be? The edit form of the module in question does not appear to lead to anything that would strip out HTML, yet it does so! I simply don't know where to look :(
Sorry, it's hard to tell without looking at the module's code, because it could be the module itself doing the cleanup, or it could be using the core methods, or both.

_________________
Airton Torres
Joomla Bug Squad http://groups.google.com/group/joomlabugsquad
Community website - http://community.joomla.org
Unsolicited support PMs will be deleted and the user added to the foes list.


PostPosted: Wed Aug 26, 2009 1:14 pm
Joomla! Apprentice

Joined: Wed Jul 08, 2009 1:38 pm
Posts: 28
Thanks so much. I don't think it's the module. Can I just ask where I'd look for the core method?


PostPosted: Mon Nov 14, 2011 4:28 am
Joomla! Apprentice

Joined: Mon Nov 14, 2011 4:00 am
Posts: 19
airton wrote:
pcollet wrote:
Hi,

I'm using TinyMCE to edit articles on the frontend.
I need to add a link with a popup (<a href="..." onclick=".....">).
For some devilish reason, when I save the article, the onclick function is stripped out.

Does someone know which file analyzes the content of an article before saving it?

And especially, is it done in a JavaScript file or a PHP file? (It seems it is in a PHP file, but I don't know which one or in which function.)

Regards,
and thanks for any help.

Since a few releases ago, Joomla! has a content filtering feature that blacklists (by default) some html tags and attributes, but you can set it to suit your needs.

In the back-end, go to Contents --> Article Manager then click on the "Parameters" button in the toolbar. Scroll all the way down and you'll find the "Filtering Options".

To set it so the super-admin can enter whatever tags and attributes he/she wants, you have to select Super Administrator in the "Group Options", then choose "whitelist" for the "Filter Type".

You can work out what options are best for your site. You can white list every user (choose Public Frontend in the group) or narrow it down as needed. You can also extend the blacklisted tags/attributes by filling the desired ones in the "Filter Tags" and "Filter Attributes" fields.

Hope this helps,


Thanks, my problem was solved by this. :)


PostPosted: Fri Feb 03, 2012 5:25 am
Joomla! Fledgling

Joined: Fri Feb 03, 2012 5:08 am
Posts: 4
airton wrote:
pcollet wrote:
Hi,

I'm using TinyMCE to edit articles on the frontend.
I need to add a link with a popup (<a href="..." onclick=".....">).
For some devilish reason, when I save the article, the onclick function is stripped out.

Does someone know which file analyzes the content of an article before saving it?

And especially, is it done in a JavaScript file or a PHP file? (It seems it is in a PHP file, but I don't know which one or in which function.)

Regards,
and thanks for any help.

Since a few releases ago, Joomla! has a content filtering feature that blacklists (by default) some html tags and attributes, but you can set it to suit your needs.

In the back-end, go to Contents --> Article Manager then click on the "Parameters" button in the toolbar. Scroll all the way down and you'll find the "Filtering Options".

To set it so the super-admin can enter whatever tags and attributes he/she wants, you have to select Super Administrator in the "Group Options", then choose "whitelist" for the "Filter Type".

You can work out what options are best for your site. You can white list every user (choose Public Frontend in the group) or narrow it down as needed. You can also extend the blacklisted tags/attributes by filling the desired ones in the "Filter Tags" and "Filter Attributes" fields.

Hope this helps,


It works only for the admin user and super admin user... but the manager user =.= ...
What can I do?


PostPosted: Fri Mar 30, 2012 10:55 pm
Joomla! Apprentice

Joined: Fri Mar 30, 2012 10:53 pm
Posts: 12
I have no filtering set on Super User on Joomla! version 2.5.3, and my tags are still being stripped?!?

:'( :(


PostPosted: Fri Apr 27, 2012 1:26 pm
Joomla! Apprentice

Joined: Wed Apr 25, 2012 2:17 pm
Posts: 9
Location: indore,india
I have a problem showing data from the content table on the front end: HTML tags come with the data. Please give me a solution.

I found the function str_ireplace(), but it also didn't work.


PostPosted: Fri Apr 27, 2012 2:03 pm
Joomla! Apprentice

Joined: Wed Apr 25, 2012 2:17 pm
Posts: 9
Location: indore,india
Hey! I solved the problem of showing data with HTML tags on the front end: use strip_tags($var), where $var is the variable in which the data is stored with HTML tags.

Thanks to my seniors.


PostPosted: Fri Apr 27, 2012 2:11 pm
Joomla! Apprentice

Joined: Wed Apr 25, 2012 2:17 pm
Posts: 9
Location: indore,india
htmlspecialchars — Convert special characters to HTML entities

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with these conversions made. If you require all HTML character entities to be translated, use htmlentities() instead.


This will surely work for the reverse of my problem... :eek:

