tinyMCE issues

flamingsole · November 29, 2007, 3:42am

Hello,

In using the tinyMCE plugin, I’m having issues with the html tags being
entirely stripped out before being stored in the database.

Everything appears correctly in the textarea, with lists or bold or
italics, or whatever, but when it is submitted nothing is preseved.

Now, my application_helper.rb does have the following methods, but the
tags are stripped even without these methods:

def remove_tags(html, tags = [:a, :abbr, :acronym, :b, :blockquote,
:cite, :code, :del, :em, :i, :q, :ul, :ol, :li, :p, :strike, :strong])
sanitize(CGI::unescapeElement(CGI::escapeHTML(html), tags))
end

def sanitize( html, okTags=‘a href, strong, br, em, p’ )

no closing tag necessary for these

soloTags = [“br”,“hr”]

Build hash of allowed tags with allowed attributes

tags = okTags.downcase().split(’,’).collect!{ |s| s.split(’ ') }
allowed = Hash.new
tags.each do |s|
key = s.shift
allowed[key] = s
end

Analyze all <> elements

stack = Array.new
result = html.gsub( /(<.?>)/m ) do | element |
if element =~ /\A</(\w+)/ then
#
tag = $1.downcase
if allowed.include?(tag) && stack.include?(tag) then
# If allowed and on the stack
# Then pop down the stack
top = stack.pop
out = “</#{top}>”
until top == tag do
top = stack.pop
out << “</#{top}>”
end
out
end
elsif element =~ /\A<(\w+)\s/>/
#
tag = $1.downcase
if allowed.include?(tag) then
“<#{tag} />”
end
elsif element =~ /\A<(\w+)/ then
# <tag …>
tag = $1.downcase
if allowed.include?(tag) then
if ! soloTags.include?(tag) then
stack.push(tag)
end
if allowed[tag].length == 0 then
# no allowed attributes
“<#{tag}>”
else
# allowed attributes?
out = “<#{tag}”
while ( $’ =~ /(\w+)=("[^"]+")/ )
attr = $1.downcase
valu = $2
if allowed[tag].include?(attr) then
out << " #{attr}=#{valu}"
end
end
out << “>”
end
end
end
end

eat up unmatched leading >

while result.sub!(/\A([^<]*)>/m) { $1 } do end

eat up unmatched trailing <

while result.sub!(/<([^>]*)\Z/m) { $1 } do end

clean up the stack

if stack.length > 0 then
result << “</#{stack.reverse.join(’></’)}>”
end

result
end

I thought remove_tags specified tags that were allowed, but either way
it seems like things should work when those methods are entirely
removed. Any thoughts on how I can get this working? Thanks so much for
any ideas.

Jonathan

flamingsole · November 29, 2007, 4:11am

Nevermind. I had a strip all tags function in a helper I hadn’t checked,
and had forgotten about. Problem solved.