
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

tinymce

July 04, 2009 2:28am

  • #1 / Jul 04, 2009 2:28am

    timaksu

    25 posts

    hi guys, this really would belong to the tinymce support forum but i'm using it in codeigniter and i find this place a lot better 😊

    anyway, i’ve included a tinymce textarea into the default welcome page and made it print out the contents when i submit the textarea. problem is in security. i want to use this in my application for when users need to leave comments (same way they do on, say, wordpress posts). i enabled the bbcode plugin and some buttons like bold, italic, and underline DO work fine. when i submit a bit of bold text, i get ‘text’. however, despite there being no buttons that don't work with html, the user is still able to paste in html content. so for example. if i copy the first few lines of the welcome page:

    Welcome to CodeIgniter!
    The page you are looking at is being generated dynamically by CodeIgniter.
    
    If you would like to edit this page you'll find it located at:
    
    system/application/views/welcome_message.php

    en the “<code>” tags around the last line.

    i can also type in something like [removed][removed] and that works fine too.

    i can solve the problem of html being submitted by using strip_tags (If there are any codeigniter helpers etc for this sort of stuff it’d be good to know ^^) so that fixes problem #1. problem #2 is that this is a what you see is what you get editor. when i copy a whole lot of content from a website and paste it in, it retains all the styling which will be removed upon submission. that sort of kills the whole WYSIWYG thing.

    all i wanted was a textarea that provides a visual way to format your comment with bbcode.. it's turning out to be harder than i thought ;[

  • #2 / Jul 06, 2009 6:25am

    Maglok

    402 posts

    I use tinyMCE on some of my textareas, works perfectly.

    Have you tried seeing what it saves the text as to a database? I got a feeling BB code will not be putting it in proper HTML, but in BBCode that forums will understand.

  • #3 / Jul 06, 2009 7:05am

    Colin Williams

    2601 posts

    The problem is very difficult to solve on the front end. First of all, when your OS copies text, it’s smart enough to copy any markup that goes with it. Secondly, WYSIWYG editing is made possible by browsers having it built in. So the first thing to do is resolve yourself to the fact that improperly formatted, unwanted markup is going to come your way if you use these tools.

    What you need to do is sanitize the markup either before you store it or, better yet, before you display it. I can’t think of any made-for-CI functions I’ve seen for this, but strip_tags() is probably going to do most of everything for you. You could also scour the internet for PHP classes that do this kind of work, then implement those as CI libraries. One other thing to look into is what possible cleanup routines TinyMCE can perform before the contents of the WYSIWYG are posted to the server.
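
The server-side cleanup discussed in this thread, as an added example that is not code from any of the posters: pasted HTML is stripped, the remainder is escaped, and only the BBCode tags for the bold, italic and underline buttons are turned into HTML at display time. The function name `render_comment()`, the tag whitelist and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. render_comment() is a hypothetical helper.

function render_comment(string $raw): string
{
    // 1. Remove any pasted HTML. strip_tags() is called without an
    //    allowed-tags argument on purpose: tags that are allowed through
    //    keep all of their attributes (style, onclick, ...).
    $text = strip_tags($raw);

    // 2. Escape what is left, so a stray <, >, & or quote that survived
    //    stripping cannot form markup in the page.
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 3. Convert only whitelisted, properly paired BBCode tags to HTML.
    //    Anything else in square brackets stays as literal text.
    $whitelist = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($whitelist as $bb => $html) {
        $pattern     = '/\[' . $bb . '\](.*?)\[\/' . $bb . '\]/is';
        $replacement = '<' . $html . '>$1</' . $html . '>';
        // preg_replace() returns null on a regex error; keep the escaped text then.
        $text = preg_replace($pattern, $replacement, $text) ?? $text;
    }

    // 4. Preserve the line breaks the user typed.
    return nl2br($text);
}

// Constructed sample: BBCode from the editor buttons mixed with pasted HTML.
$sample = "[b]Nice post[/b]\n"
        . "<h1 style=\"color:red\" onclick=\"x()\">Welcome to CodeIgniter!</h1>\n"
        . "[i]unclosed italic and an [img]unsupported[/img] tag";

echo render_comment($sample), "\n";
```

Running the conversion when the comment is displayed, rather than before it is stored, keeps the original submission intact if the whitelist changes later.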
