CKEDITOR

Please report bugs and any annoyances here. Kindly include all possible details: steps to reproduce, expected result, actual result, screenshots, ... etc.
ronwill
Veteran Member
Posts: 228
Joined: 2015-08-08 10:12
Location: Cheltenham UK +Weatherford USA

Post by ronwill » 2021-03-05 00:26

Since the last update (to image folder etc.) CKEDITOR no longer works fully with AppGini:
Images in the editor, on saving a record, no longer save in your defined size (px or %); they save only the image in original file size, and text does not wrap round the image either.

Anyone else come across this or found a solution?
It's annoying as it happens on every project I update with a new AG version, and I now have a number of users getting frustrated due to image overflows, no wrapping and no possibility to set images as, say, 50% editor width etc. I've been using CKEDITOR for many years now with AG without issue, as I much prefer it to NICEDIT.

Cheers,
Ron
Ron - Gloucestershire, UK: AppGini Pro V 23.15 Rev 1484 - LOVING IT!
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course

Re: CKEDITOR

Post by ronwill » 2021-03-05 11:13

Seems to have something to do with XSS filtering!?

I put into the editor:
<p><img alt="" src="images/data.jpg" style="height:225px; width:400px" /></p>

On save it strips out the style attributes:
<p><img alt="" src="images/data.jpg" /></p>

Safe solutions???

Ron
Re: CKEDITOR

Post by ronwill » 2021-03-05 11:35

Found a solution that works - BUT is it safe? (I'd appreciate experts' feedback.)

In file: ci_input.php

Under: protected function (line 629 in my file)
Code is:

	protected function _sanitize_naughty_html($matches) {
		static $naughty_tags    = array(
			'alert', 'area', 'prompt', 'confirm', 'applet', 'audio', 'basefont', 'base', 'behavior', 'bgsound',
			'blink', 'body', 'embed', 'expression', 'form', 'frameset', 'frame', 'head', 'html', 'ilayer',
			'iframe', 'input', 'button', 'select', 'isindex', 'layer', 'link', 'meta', 'keygen', 'object',
			'plaintext', 'style', 'script', 'textarea', 'title', 'math', 'video', 'svg', 'xml', 'xss'
		);

		static $evil_attributes = array(
			'on\w+', 'style', 'xmlns', 'formaction', 'form', 'xlink:href', 'FSCommand', 'seekSegmentTime'
		);

After removal of the 2 'style' tags everything is working again in my editor. I just don't know how 'safe' my action is?
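
Added example, not part of the thread and not AppGini or CodeIgniter code: instead of letting every inline style through, one option is to accept only an allowlist of sizing and wrapping declarations on <img> and drop the style attribute everywhere else. The function names and the allowlist are assumptions, and where this would be called in AppGini's save path is not shown on the page.

```php
<?php
// Added example, not AppGini or CodeIgniter code; function names are hypothetical.

/** Keep only style declarations whose property and value match a strict allowlist. */
function filter_inline_style(string $style): string
{
    // Constructed allowlist: the sizing and wrapping properties an image dialog sets.
    static $allowed = [
        'width'  => '/^\d{1,4}(px|%)\z/',
        'height' => '/^\d{1,4}(px|%)\z/',
        'float'  => '/^(left|right|none)\z/',
        'margin' => '/^\d{1,3}px\z/',
    ];
    $kept = [];
    foreach (explode(';', $style) as $decl) {
        $parts = explode(':', $decl, 2);
        if (count($parts) !== 2) { continue; } // empty or malformed declaration
        $prop  = strtolower(trim($parts[0]));
        $value = strtolower(trim($parts[1]));
        if (isset($allowed[$prop]) && preg_match($allowed[$prop], $value) === 1) {
            $kept[] = "$prop:$value";
        }
    }
    return implode('; ', $kept);
}

/** Filter style on <img>, drop it on every other element of an HTML fragment. */
function filter_styles_in_html(string $html): string
{
    // Non-ASCII text becomes numeric entities so DOMDocument does not mis-decode it (needs mbstring).
    $html = mb_encode_numericentity($html, [0x80, 0x10FFFF, 0, 0x1FFFFF], 'UTF-8');
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate markup libxml does not know
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    foreach (iterator_to_array((new DOMXPath($doc))->query('//*[@style]')) as $el) {
        $clean = $el->nodeName === 'img' ? filter_inline_style($el->getAttribute('style')) : '';
        $el->removeAttribute('style');
        if ($clean !== '') { $el->setAttribute('style', $clean); }
    }
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample: the markup from the post plus declarations outside the allowlist.
$sample = '<p style="position:fixed"><img alt="" src="images/data.jpg" style="height:225px; width:400px; background:url(x)" /></p>';
echo filter_styles_in_html($sample), "\n";
```

Anything not matched by the allowlist is dropped rather than rewritten, so new properties have to be added deliberately with their own value pattern.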