Hi,

I’ve been using your TinyMCE plug-in for Rails very happily for a while now. I’ve run into one problem that I just can’t seem to solve and I’m slowly going bats.

I want to allow users to paste HTML forms into the TinyMCE editor. I realize the form tags are cleaned out prior to save in order to prevent XSS attacks, but after a lot of looking I found that TinyMCE will allow you to override what gets scrubbed out.

So I changed the default code for the controller (provided by the wiki example) from:
    uses_tiny_mce(:options => {:theme => 'advanced',
                               :browsers => %w{msie gecko},
                               :theme_advanced_toolbar_location => "top",
                               :theme_advanced_toolbar_align => "left",
                               :theme_advanced_resizing => true,
                               :theme_advanced_resize_horizontal => false,
                               :paste_auto_cleanup_on_paste => true,
                               :theme_advanced_buttons1 => %w{formatselect
                                 fontselect fontsizeselect bold italic underline strikethrough
                                 separator justifyleft justifycenter justifyright indent outdent
                                 separator bullist numlist forecolor backcolor separator link unlink
                                 image undo redo},
                               :theme_advanced_buttons2 => [],
                               :theme_advanced_buttons3 => [],
                               :plugins => %w{contextmenu paste}},
                  :only => [:new, :edit, :show, :index])
To:
    uses_tiny_mce(:options => {:theme => 'advanced',
                               :browsers => %w{msie gecko},
                               :extended_valid_elements =>
                                 "form[name|id|action|method|enctype|accept-charset|onsubmit|onreset|target],input[alt|border|id|name|type|value|size|maxlength|checked|accept|src|width|height|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect],textarea[id|name|rows|cols|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect],option[name|id|value],select[id|name|type|value|size|maxlength|checked|accept|src|width|height|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect|length|options|selectedIndex]",
                               :theme_advanced_toolbar_location => "top",
                               :theme_advanced_toolbar_align => "left",
                               :theme_advanced_resizing => true,
                               :theme_advanced_resize_horizontal => false,
                               :paste_auto_cleanup_on_paste => false,
                               :theme_advanced_buttons1 => %w{formatselect
                                 fontselect fontsizeselect bold italic underline strikethrough
                                 separator justifyleft justifycenter justifyright indent outdent
                                 separator bullist numlist forecolor backcolor separator link unlink
                                 image undo redo},
                               :theme_advanced_buttons2 => [],
                               :theme_advanced_buttons3 => [],
                               :plugins => %w{contextmenu paste}},
                  :only => [:new, :edit, :show, :index])
Unfortunately, that’s not doing what is expected. In fact, it’s not doing anything at all. In desperation I went to the public/tiny_mce.js directory and edited the extended_valid_elements attribute directly, but that had the same result… no change.
Anyone have any insights?
Joe
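
An added example, not part of Joe's post or of the plug-in: a small Ruby audit that parses an extended_valid_elements string like the one above and lists the allowlisted attributes that can carry script, which is the XSS exposure the default scrubbing was guarding against. The helper names, the URL_ATTRS set and the simplified handling of rule modifiers are assumptions of this example.

```ruby
# Added example: audit a TinyMCE extended_valid_elements allowlist.
# Simplified reading of the rule syntax: element prefixes (-, +, #) and
# attribute modifiers (!, =, :, <) are reduced to the bare name.

URL_ATTRS = %w[action src href formaction].freeze # assumed set of URL-bearing attributes

# Rules copied from the configuration in the post (form, textarea, option).
SPEC = "form[name|id|action|method|enctype|accept-charset|onsubmit|onreset|target]," \
       "textarea[id|name|rows|cols|disabled|readonly|tabindex|accesskey|" \
       "onfocus|onblur|onchange|onselect],option[name|id|value]"

# Returns a hash such as { "form" => ["name", "id", ...] }.
def parse_valid_elements(spec)
  spec.scan(/([^\[\],]+)(?:\[([^\]]*)\])?/).each_with_object({}) do |(names, attrs), rules|
    attr_list = attrs.to_s.split("|").map do |a|
      a.strip.sub(/\A!/, "").sub(/[=:<].*\z/, "").downcase
    end.reject(&:empty?)
    names.split("/").each do |name| # "strong/b" lists synonyms
      element = name.strip.sub(/\A[-+#]/, "").downcase
      next if element.empty?
      (rules[element] ||= []).concat(attr_list).uniq!
    end
  end
end

# Returns [element, attribute, reason] for every attribute that can carry script.
def risky_attributes(rules)
  rules.flat_map do |element, attrs|
    attrs.map do |attr|
      if attr.start_with?("on")
        [element, attr, "inline event handler"]
      elsif URL_ATTRS.include?(attr)
        [element, attr, "URL-bearing attribute"]
      end
    end.compact
  end
end

if __FILE__ == $PROGRAM_NAME
  risky_attributes(parse_valid_elements(SPEC)).each do |element, attr, reason|
    puts format("%-9s %-10s %s", element, attr, reason)
  end
end
```

TinyMCE applies this allowlist in the browser, so whatever sanitizes the submitted HTML on the server has to make the same decision about these attributes independently.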