1. 首页
  2. 问答
  3. 如何防止tinymce从输入元素中剥离'style'属性?

如何防止tinymce从输入元素中剥离'style'属性?

2012-04-24 294 views
5

我一直在阅读官方文档和博客文章,所以几个小时,某些地方的答案将张贴已经..但没有运气。如何防止tinymce从输入元素中剥离'style'属性?

似乎没有任何配置摆弄的数量。停止tinymce从我的输入/提交<p>元素中去除内联“样式”属性。我需要所有输入元素的'样式'属性..但我只是开始通过测试<p>甚至让它工作。

  • TinyMCE的版本3.5b3

这里是我的配置的最新迭代。 (超出许多变化/尝试):

tinyMCE.init({ 
    mode : "textareas", 
    theme : "advanced", 

    plugins : "emotions,spellchecker,advhr,insertdatetime,preview,paste,table,media,directionality,style,xhtmlxtras,nonbreaking,pagebreak", 

    theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,formatselect,fontselect,fontsizeselect", 
    theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor", 
    theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,ltr,rtl", 
    theme_advanced_buttons4 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,nonbreaking,pagebreak", 

    theme_advanced_toolbar_location : "top", 
    theme_advanced_toolbar_align : "left", 
    theme_advanced_statusbar_location : "bottom", 
    theme_advanced_resizing : true, 

    doctype : "<!DOCTYPE html>", 

    convert_urls : false, 

    //template_external_list_url : "gen4tinymce/lists/template_list.js", 
    external_link_list_url : "gen4tinymce/lists/link_list.js", 
    //media_external_list_url : "gen4tinymce/lists/media_list.js", 

    valid_elements : "@[id|class|style|title|dir<ltr?rtl|lang|xml::lang]," 
    + "a[rel|rev|charset|hreflang|tabindex|accesskey|type|" 
    + "name|href|target|title|class],strong/b,em/i,strike,u," 
    + "#p[style],-ol[type|compact],-ul[type|compact],-li,br,img[longdesc|usemap|" 
    + "src|border|alt=|title|hspace|vspace|width|height|align],-sub,-sup," 
    + "-blockquote,-table[border=0|cellspacing|cellpadding|width|frame|rules|" 
    + "height|align|summary|bgcolor|background|bordercolor],-tr[rowspan|width|" 
    + "height|align|valign|bgcolor|background|bordercolor],tbody,thead,tfoot," 
    + "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor" 
    + "|scope],#th[colspan|rowspan|width|height|align|valign|scope],caption,-div," 
    + "-span,-code,-pre,address,-h1,-h2,-h3,-h4,-h5,-h6,hr[size|noshade],-font[face" 
    + "|size|color],dd,dl,dt,cite,abbr,acronym,del[datetime|cite],ins[datetime|cite]," 
    + "object[classid|width|height|codebase|*],param[name|value|_value],embed[type|width" 
    + "|height|src|*],map[name],area[shape|coords|href|alt|target],bdo," 
    + "button,col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|" 
    + "valign|width],dfn,fieldset,form[action|accept|accept-charset|enctype|method]," 
    + "input[accept|alt|checked|disabled|maxlength|name|readonly|size|src|type|value]," 
    + "kbd,label[for],legend,noscript,optgroup[label|disabled],option[disabled|label|selected|value]," 
    + "q[cite],samp,select[disabled|multiple|name|size],small," 
    + "textarea[cols|rows|disabled|name|readonly],tt,var,big", 

    extended_valid_elements : "p[style]", 
    inline_styles : true, 
    verify_html : false 
});

感谢您的任何建议!

来源

2012-04-24 govinda

回答

3

This fiddle显示您的tinymce配置是绝对完美的:所有元素都可以使用样式属性,但它不会被剥离。

来源

2012-04-24 07:20:18 Thariama

+1

是的,我剥了下来,整个事情作为一个测试..隔离JUST TinyMCE的,它按预期工作,就像你说的,并显示。所以我需要弄清楚什么是剥离样式属性...我使用的PHP框架,CodeIgniter,或者什么。我会回到这里接受你的回答。我只是暂时将它开放,以防万一任何人发布一些东西,这可以让我更多时间找出罪魁祸首。 ;-) – govinda 2012-04-24 15:35:18

12

正如Thariama指出的那样,tinymce并没有错,但是我不知道CodeIgniter的所有功能都在做什么。如果你发现你遇到同样的问题,这是我如何解决它;请看这里: Codeigniter - Disable XSS filtering on a post basis

来源

2012-04-25 03:07:05 govinda

+0

工作解决方案的+1和邪恶的源头 – Thariama 2012-04-25 07:55:07

+0

不要使用CodeIgniter它是最糟糕的PHP框架之一;) – 2014-01-28 10:37:39

0

你可以用一个Ajax请求尝试,这样

$("#submit").click(function(e) { 
    ie8SafePreventEvent(e); 
    var form_data = $("#form").serialize(); 
    var content = $.base64.encode(tinyMCE.activeEditor.getContent()); 
    $.ajax({ 
     type: "POST", 
     url: "/your/post/processor", 
     data: form_data + "&coded_content=" + content, 
     success: function(return_msg){ 
      do_something 
      }, 
     error: function(){ 
      alert("Sorry, we got an error, try later"); 
      } 
     }); 
    });

显然在你的控制器,你必须base64decode ...

来源

2012-12-27 00:45:02

0

我也是用笨,虽然我没设置$config['global_xss_filtering'] = false;我仍然有样式属性的问题。因此,如果没有一个解决方案,为你工作,你可以尝试提交,并使用其放置在一个隐藏字段的Javascript以base64 TinyMCE的数据进行编码:

$('#hiddenField').val(window.btoa(tinyMCE.get('tinyMCEtextareaID').getContent()));

这样你保留原来的字符串,它可以很容易利用解码PHP:

$htmlstring = base64_decode($_POST['hiddenField']);

来源

2016-11-25 11:26:04 aadilp

相关问题

 相关问题