Script Tags getting stripped

[sitewizard]

Hi

I am trying to add script tags to an FAQ using the TimyMCE editor using the HTML button to edit the HTML. When I click the update button and then view the HTML it strips the script tags. How can I allow script tags in the editor?

Thanks
Robert

[Thorsten]

Hi,

you have to hack our security filter. Do you really want to do that?

bye
Thorsten

[sitewizard]

Hi

Thanks for the reply. Is that the only way to allow putting JavaScript into an FAQ? If so, how would I do that?

Thanks
Robert

[Thorsten]

Hi,

please open inc/Init.php. At line 509 you'll see this code:

Code: Select all

        //remove really unwanted tags
        do {
            $oldstring = $string;
            $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $string);
        } while ($oldstring != $string);

Just remove the "script" part and you can use the <script> tag.

bye
Thorsten

[sitewizard]

Hi

Thanks for that. Its works great. It is now stripping out mouse events. I am trying to add an image viewer to an image. Please see the code below:

Code: Select all

<img src="images/Image/guides/thumb-transfer-co.uk.jpg" alt="Example of the transfer form filled in for .co.uk domains" title="Example of .co.uk Domains" width="150" height="221" onmouseover="showtrail('transfer-co.uk.jpg','Example: Transfer Out',300,443);" onmouseout="hidetrail();" /><img src="images/Image/guides/thumb-transfer-com.jpg" alt="Example of the transfer form filled in for .com domains" title="Example of .com Domains" width="150" height="221" onmouseover="showtrail('transfer-com.jpg','Example: Transfer Out',300,443);" onmouseout="hidetrail();" /><img src="images/Image/guides/thumb-transfer-uk.com.jpg" alt="Example of the transfer form filled in for .uk.com domains" title="Example of uk.com Domains" width="150" height="221" onmouseover="showtrail('transfer-uk.com.jpg','Example: Transfer Out',300,443);" onmouseout="hidetrail();" />

TinyMCE is allowing us to enter the code and is not stripping out the onmouseover/onmouseout code but when we save it is is being removed. How can I get round this? I have not been able to find the code that strips mouse events out.

Thanks
Robert

[Thorsten]

Hi,

just look at line 491:

Code: Select all

        // remove any attribute starting with "on" or xmlns
        $string = preg_replace('#(<[^>]+[\x00-\x20\"\'\/])(on|xmlns)[^>]*>#iU', "$1>", $string);
        

Change it to

Code: Select all

        // remove any attribute starting with "on" or xmlns
        $string = preg_replace('#(<[^>]+[\x00-\x20\"\'\/])(xmlns)[^>]*>#iU', "$1>", $string);
        

and it should work.

bye
Thorsten

[sitewizard]

Hi

Thank you for that and all the help, much appreciated. It works fine.

Thanks
Robert

[teliot]

I wanted to insert this code:

Code: Select all

<script type="text/javascript" src="http://hausgemacht.tv/scripts/ufo.js"></script>
<script type="text/javascript" src="http://hausgemacht.tv/index.php?Action=showVideoPlayerStandalone&vid=2856&node_id=33"></script>

I removed the "script" part from inc/Init.php, but the code isn't shown

[Thorsten]

Hi,

which version do you use?

bye
Thorsten

[teliot]

I have the newest version. 2.5!

[Thorsten]

Hi,

<script> tags are working, but the "index.php" part breaks the second <script> tag... I'll work on a fix.

bye
Thorsten