Joomla! Issue Tracker | Joomla! CMS #336 - Update media/editors/tinymce/jscripts/tiny_mce/tiny

Closed
29 Aug 2012
Medium
Build: master
# 336
Diff
case303:patch-2

Pending

User tests: Successful: Unsuccessful:

case303
28 Aug 2012

Problems inserting templates within tiny_mce led me to these two changes within her mceInsertContent & parse functions

Please tell me what's wrong with my changes, as I assume this creates a security risk..
I tried various methods within Joomla! to set valid html elements, including:
Global Options -> text filtering..
in my form.xml

filter="raw"

This helped..
plugins/.../tinymce.php

$elements[] = 'p[*]';
$elements[] = 'a[*]';
$elements[] = 'div[*]';

setContent() was never called within mceInsertContent, only setHTML().
It appears to me that tinymce's parse function is not comparing inserted elements with acceptable elements correctly.. thinking standard tags were invalid.. Also, stripping templates tags when serializing..

Hopefully this leads to a proper solution..
Perhaps a newer version of tiny_mce solves this issue correctly.

a3a41d0 28 Aug 2012

Update media/editors/tinymce/jscripts/tiny_mce/tiny_mce.js

case303 - open - 28 Aug 2012

case303 - comment - 28 Aug 2012

Specific edits:
approx. line #11251

//----- Original code
if(!G.invalid){
//  K=J.serialize(F);
//  A=E.firstChild;
//  M=E.lastChild;
//  if(!A||(A===M&&A.nodeName==="BR")){
//      m.setHTML(E,K)
//  }else{
//      p.setContent(K)
//  }

//----- changed to
if(!G.invalid){
      p.setContent(K);

approx. line #2831

//----- Original code
if(z&&M.length){
    if(!m.context){
        j(M)

//----- changed to
    if(m.context){

case303 - close - 29 Aug 2012

realityking - comment - 29 Aug 2012

We really should update TinyMCE first. Also if this is an issue it should be fixed upstream first (if possible).

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#336] - Update media/editors/tinymce/jscripts/tiny_mce/tiny_mce.js

Add a Comment