Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hello, first of all I'm sorry about my english.
Lately we are seeing TinyMCE (the wysiwyg editor we use) inserting images as embedded data (using http://en.wikipedia.org/wiki/Data_URI_scheme) on some browsers.
This results in content containing strings like:
When content containing such data is passed to the SpamSpan filter an endless execution is the result.
I hope my explanation is clear enough.
Best regards and thank you for your work!
Comment | File | Size | Author |
---|---|---|---|
#2 | sample_string.txt | 260.99 KB | NITEMAN |
Comments
Comment #1
NITEMAN CreditAttribution: NITEMAN commentedSorry the sample string is missing, Attached you'll find sample string.
Comment #2
NITEMAN CreditAttribution: NITEMAN commentedComment #3
killua99 CreditAttribution: killua99 commentedsub
Comment #4
lakka CreditAttribution: lakka commentedIs that a valid data URI? I cannot access it using Safari? Does the problem arise with a smaller image, eg this one (from wikipedia):
Comment #5
NITEMAN CreditAttribution: NITEMAN commentedThe image is shown correctly inside TinyMCE, but not after node submision (this can occur due to diverse reasons).
With smaller images the process ends, but performance is heavily degraded.
We are working on a workaround in wysiwyg module to avoid this kind of insertions on the DB (http://drupal.org/node/1193036)
Any insights will be appreciated.
Best regards
Comment #6
NITEMAN CreditAttribution: NITEMAN commentedComment #7
NITEMAN CreditAttribution: NITEMAN commentedI've solved the interaction creating an input filter which replaces such images before.
Involved regex is
'~"(?:data:)?image/(?:png|gif|jpg|jpeg);base64,[+=\w\s\d\/]*"~imu'
JS replace in wysiwyg would be a nice complement (and maybe some input validation to prevent malicious insertions): http://drupal.org/node/1193036
Thank you again for your support!
PS: I still think it's a good idea for spamspan to check string length prior to start it's process.
Comment #8
NITEMAN CreditAttribution: NITEMAN commented