TinyMCE stripping <script> and <iframe> tags in 5.2.4

bob@n-flatables · #1 05-14-2015, 10:36 AM

How can I fix this? Previously saved category descriptions (that were working fine) now break if I try to edit them. Upon inspection, all <iframe> and <script> tags are removed when I hit Save on the wysiwyg editor.

totaltec · #2 05-14-2015, 11:10 AM

I don't think this is caused by tiny MCE, it is the htmlpurifier lib. I'm not sure if this is recommended but I changed this for a client by decorating the isParamTrusted() method of the View\RequestHandler\ARequestHandler class.

bob@n-flatables · #3 05-14-2015, 11:14 AM

Is this some new bug? It's so bad that I can't even embed a video using the video button on the wysiwyg editor and pasting in the embed code. It strips out the iframe every time.

It worked fine in 5.2.2.

EDIT: Is it perhaps this change?

2015-04-12 - [Bug] HTMLPurifier library is added to prevent potential dangerous content in input variables. #BUG-629 (Vladimir Semyonov)

stvnjacobs · #4 05-21-2015, 06:16 AM

Has anyone resolved this? I came here looking for a way to remove this htmpurifier lib completely. It is destroying formatting of description fields that once worked perfectly fine, and preventing me from properly laying out my site. I was able to modify it to accept all <iframe> tags by flagging them as safe, but that was a less desirable workaround than adding the HTML5 video features that I was trying to implement. htmlpurifer is checking against HTML 4, from what I can tell. Even for things that should just work, it is getting in the way: removing id's, removing <div>'s, removing <spans>, and the list goes on. I just want it gone!

stvnjacobs · #5 05-21-2015, 06:18 AM

I had filed a bug on the 12th, but not yet heard a response. It was confirmed, though.

https://bt.x-cart.com/view.php?id=44680

qualiteam · #6 05-28-2015, 12:03 AM

Quote:

Originally Posted by stvnjacobs

I had filed a bug on the 12th, but not yet heard a response. It was confirmed, though.

This is going to be fixed in the next 5.2.5 version.

tony_sologubov · #7 05-29-2015, 04:53 AM

JFYI 5.2.5 is coming out next week.

bob@n-flatables · #8 06-03-2015, 12:58 PM

5.2.5 seems to have fixed everything, including the Multilevel Primary Menu module (which was completely nonfunctional in 5.2.4).

Testing on my site, divs (including IDs), scripts, and iframe tags are all working in Category Descriptions and Pages.

RichieRich · #9 09-16-2015, 05:08 AM

I have an issue this modules just appears with a blank space where the description should be, i have to disable it to see the text, it has been like that for me for several versions

razortw · #10 09-16-2015, 09:24 AM

Quote:

Originally Posted by RichieRich

I have an issue this modules just appears with a blank space where the description should be, i have to disable it to see the text, it has been like that for me for several versions

Hello Richard.
Are there any JavaScript errors in the browser console?

Anyway, this is kind of a rare issue, so I would advise to file support ticket to have our engineers investigate it right in your store. Also, please let me know the ID of the ticket so that I could speed it up.