Home » Download » Modules » FCKeditor - WYSIWYG HTML editor » Issues

Default XSS filter is always executed if filter by node type is enabled and only one input format is available

wwalc - February 16, 2009 - 17:19
Project:FCKeditor - WYSIWYG HTML editor
Version:6.x-1.3
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:postponed (maintainer needs more info)
Description

Originally reported by jamuraa in #295642: fckeditor keeps stripping away my inline css!:

I have a custom input format assigned to the node, with a simple custom filter which doesn't munge any of the style stuff.

It doesn't matter what my security settings are in FCKeditor profile, putting any of them on doesn't change the fact that it is only filtered by 'filter/0/1' every time if you are a non-admin user. I suspect it may be because there is no 'input formats' element in the form to detect if you are only allowed one input format.

I ended up fixing this issue by making more than one filter type available to my users. When I enabled it so the filter block showed up on the page, suddenly the filtering worked exactly as expected. So a condition to repro for me was to have only one active input format for the content type (I'm using the filter by node type module so that comments have a different type than content)

» Login or register to post comments

#1

jamuraa - February 23, 2009 - 18:23

I will see if I can debug this a bit more in the next few weeks, maybe I can come up with a solution for you.

Login or register to post comments

#2

Jorrit - July 7, 2009 - 16:50
Status:active» postponed (maintainer needs more info)

Have you been successful in solving this problem?

Login or register to post comments

#3

Jorrit - August 2, 2009 - 17:48
Version:6.x-1.3-rc7» 6.x-1.3

Concentrating the bugs on 1.3

Login or register to post comments

#4

unknownguy - October 22, 2009 - 09:41

Hi,

I am experiencing a similar problem. I upload an image, and if I use the mouse pointer to resize the image, the width and height attributes are replaced by a style attribute.

If after resizing I push the submit button, this style attribute is lost and the image is displayed in full size, which really sucks :).

I am using the latest module for DRUPAL 5. If a patch is committed for DRUPAL 6, I would be interested in letting me know it (although I would expect the same patch to be developed for DRUPAL 5 by the module mantainer, I am really eager to fix this issue).

Login or register to post comments

#5

Jorrit - October 22, 2009 - 20:37

I guess it has something to do with the CSS in the editor. What is your setting for "Editor CSS:" in your profile?

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.