Hello, first of all I'm sorry about my english.

Lately we are seeing TinyMCE (the wysiwyg editor we use) inserting images as embedded data (using http://en.wikipedia.org/wiki/Data_URI_scheme) on some browsers.

This results in content containing strings like:

Only local images are allowed.

When content containing such data is passed to the SpamSpan filter an endless execution is the result.

I hope my explanation is clear enough.

Best regards and thank you for your work!

CommentFileSizeAuthor
#2 sample_string.txt260.99 KBNITEMAN
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented

Sorry the sample string is missing, Attached you'll find sample string.

NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented
FileSize
sample_string.txt260.99 KB
killua99’s picture

killua99 CreditAttribution: killua99 commented

sub

lakka’s picture

lakka CreditAttribution: lakka commented

Is that a valid data URI? I cannot access it using Safari? Does the problem arise with a smaller image, eg this one (from wikipedia):

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot">
NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented

The image is shown correctly inside TinyMCE, but not after node submision (this can occur due to diverse reasons).

With smaller images the process ends, but performance is heavily degraded.

We are working on a workaround in wysiwyg module to avoid this kind of insertions on the DB (http://drupal.org/node/1193036)

Any insights will be appreciated.

Best regards

NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented
Category: bug » support
NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented

I've solved the interaction creating an input filter which replaces such images before.

Involved regex is '~"(?:data:)?image/(?:png|gif|jpg|jpeg);base64,[+=\w\s\d\/]*"~imu'

JS replace in wysiwyg would be a nice complement (and maybe some input validation to prevent malicious insertions): http://drupal.org/node/1193036

Thank you again for your support!

PS: I still think it's a good idea for spamspan to check string length prior to start it's process.

NITEMAN’s picture

NITEMAN CreditAttribution: NITEMAN commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.