Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hello, first of all I'm sorry about my english.
Lately we are seeing TinyMCE (the wysiwyg editor we use) inserting images as embedded data (using http://en.wikipedia.org/wiki/Data_URI_scheme) on some browsers.
This results in content containing strings like:
When content containing such data is passed to the SpamSpan filter an endless execution is the result.
I hope my explanation is clear enough.
Best regards and thank you for your work!
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | sample_string.txt | 260.99 KB | niteman |
Comments
Comment #1
niteman commentedSorry the sample string is missing, Attached you'll find sample string.
Comment #2
niteman commentedComment #3
killua99 commentedsub
Comment #4
lakka commentedIs that a valid data URI? I cannot access it using Safari? Does the problem arise with a smaller image, eg this one (from wikipedia):
Comment #5
niteman commentedThe image is shown correctly inside TinyMCE, but not after node submision (this can occur due to diverse reasons).
With smaller images the process ends, but performance is heavily degraded.
We are working on a workaround in wysiwyg module to avoid this kind of insertions on the DB (http://drupal.org/node/1193036)
Any insights will be appreciated.
Best regards
Comment #6
niteman commentedComment #7
niteman commentedI've solved the interaction creating an input filter which replaces such images before.
Involved regex is
'~"(?:data:)?image/(?:png|gif|jpg|jpeg);base64,[+=\w\s\d\/]*"~imu'JS replace in wysiwyg would be a nice complement (and maybe some input validation to prevent malicious insertions): http://drupal.org/node/1193036
Thank you again for your support!
PS: I still think it's a good idea for spamspan to check string length prior to start it's process.
Comment #8
niteman commented