filtered attributes in news

vincent3569 Member, Translator

Hi,

sometimes, I don't use tinyMCE (I use only html editor) to admin news content.

although tags are allowed, their contents are sometimes filtered.
an example in the previous post (btw, the max size for the post is not enougth)

Comments

  • vincent3569 Member, Translator
    edited October 2017

    this HTML code:
    <div class="clearfix" style="width: 670px; margin: 0 auto;"> <a title="Le Mas face au Ventoux" href="/albums/20161111-weekend-ventoux/img_8279.jpg"><img style="float: left; margin: 0 15px 0 0;" src="/cache/20161111-weekend-ventoux/img_8279_w480_h315_cw1100_ch733.jpg" alt="img_8279" /></a> </div>

    become

    <div class="clearfix" style="670px; margin: 0 auto;"> <a title="Le Mas face au Ventoux" href="/albums/20161111-weekend-ventoux/img_8279.jpg"><img style="left; margin: 0 15px 0 0;" src="/cache/20161111-weekend-ventoux/img_8279_w480_h315_cw1100_ch733.jpg" alt="img_8279" /></a> </div>

    width: and float: are filtered in style attibute of div and img tags.

    this matter doesn't append whis tinyMCE.

  • acrylian Administrator, Developer
    edited October 2017

    You have to explicitly allow those tags (actually elements) and all attributes you wish to use. That's independent if you use TinyMCE or not.

    Generally you should avoid inlines CSS as much as you can. It causes frequently headaches because it has priority over rules in CSS files.

    If you need a lot of similar styling frequently, better add classes to your css file.

  • vincent3569 Member, Translator
    edited October 2017

    I desagree, it depends if you use TinyMCE or not. When I am using it, there is not filter as above. When I use TinyMCE, the css rules in style attribute are not filtered.

    btw, the relevant allowed tags are:
    div=>(class=>() id=>() style=>()) img=>(class=>() id=>() style=>() src=>() title=>() alt=>() width=>() height=>())

    how can you explain that width and float are filtered and margin isn't?

    and other, I wrote this:
    div=>(class=>() id=>() style=>(width=>())) img=>(class=>() id=>() style=>(float=>()) src=>() title=>() alt=>() width=>() height=>())

    but nothing more happened.
    was is the right structure I should use?

  • acrylian Administrator, Developer

    I desagree, it depends if you use TinyMCE or not.

    My recommendation of avoiding inline css is a general one and not exactly related to TinyMCE or not TinyMCE. It is a pain to override such styles whereever they are used (Yes, Zenphoto has a lot of this as well especially on the backend. One of the many tiny things we want to improve).

    Ok, forgive me that I cannot remember everything offhand. I would have to look into the code but I think you cannot further nest these definitions. So having style should cover everything within. Might be that the filter mistakes the "width" rule for a duplicated of the "width" attribute for unknown reasons.

    Remember that TinyMCE does a bit of his own filtering and escaping that may help here. I cannot answer right now.

  • vincent3569 Member, Translator

    Did you have a look at the issue?
    To not forget, maybe I have to create a ticket on github?

  • acrylian Administrator, Developer

    No ticket needed as I have it on my long list of things to look after. Just didn't have time as I am working on a dozen things at the time.

Sign In or Register to comment.