Preserving SCRIPT tags (and more) in CKEditor
Is it possible to create a block of code within the CKEditor that will not be touched by the editor itself, and will be maintained in its intended-state until explicitly changed by the user? I've been attempting to input javascript variables (bound in script tags) and a flash movie following, but CKEditor continues to rewrite my pasted code/markup, and in doing so breaking my code.
I'm working with the following setup:
<script type="text/javascript">
    var editor = CKEDITOR.replace("content", {
        height : "500px",
        width : "680px",
        resize_maxWidth : "680px",
        resize_minWidth : "680px",
        toolbar :
        [
            ['Source','-','Save','Preview'],
            ['Cut','Copy','Paste','PasteText','PasteFromWord','-','Print', 'SpellChecker', 'Scayt'],
            ['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
            ['Bold','Italic','Underline','Strike','-','Subscript','Superscript'],
            ['NumberedList','BulletedList','-','Outdent','Indent','Blockquote'],
            ['JustifyLeft','JustifyCenter','JustifyRight','JustifyBlock'],
            ['Link','Unlink','Anchor'],
            ['Image','Table','HorizontalRule','SpecialChar']
        ]
    });
    CKFinder.SetupCKEditor( editor, "<?php print url::base(); ?>assets/ckfinder" );
</script>
I suppose the most ideal solution would be to preserve the contents of any tag that contains class="preserve", enabling much more than the limited exclusives.
Update: I'm thinking the solution to this problem is in CKEDITOR.config.protectedSource(), but my regular-expression experience is proving to be too juvenile to handle this issue. How would I go about exempting all tags that contain the 'preserved' class from being touched by CKEditor?
The issue is not with the CKEditor. Instead, the issue was with the MVC-Engine running the Site itself. Kohana has a global_xss_filtering within its configuration that is enabled by default. This prevents the submission of script tags, to prevent scripting-attacks on your site. Changing this value to false will permit the submission of <script> tags in forms, but it also opens up the site to potential security issues that can be very serious. It is advisable that you not disable global_xss_filtering.
/* /(system|application)/config/config.php - line 66 */
/**
* Enable or disable global XSS filtering of GET, POST, and SERVER data. This
* option also accepts a string to specify a specific XSS filtering tool.
*/
$config['global_xss_filtering'] = FALSE;
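For the protectedSource approach raised in the question's update, the following is an added example and not code from the original post. The two patterns, the `protectedSpans` helper and the sample markup are constructed for illustration; `CKEDITOR.config.protectedSource` is the editor's array of regular expressions whose matches are left untouched.

```javascript
// Added example: constructed patterns for CKEditor's config.protectedSource.

// Whole <script>...</script> blocks.
const SCRIPT_BLOCK = /<script\b[^>]*>[\s\S]*?<\/script\s*>/gi;

// Any element whose class attribute contains the token "preserve".
// \1 is the tag name, \2 the quote character around the class value.
// Assumption: the element has a closing tag and does not contain a nested
// element of the same tag name (the lazy match ends at the first close tag).
const PRESERVE_BLOCK =
  /<([a-z][a-z0-9]*)\b[^>]*\sclass\s*=\s*(["'])(?:[^"'>]*\s)?preserve(?:\s[^"'>]*)?\2[^>]*>[\s\S]*?<\/\1\s*>/gi;

// Hypothetical helper: returns the substrings the patterns would protect,
// so the expressions can be checked outside the editor.
function protectedSpans(html, patterns) {
  const spans = [];
  for (const re of patterns) {
    for (const m of html.matchAll(re)) spans.push(m[0]);
  }
  return spans;
}

// Constructed sample markup.
const SAMPLE = [
  '<p>Intro text</p>',
  '<script type="text/javascript">var movie = "intro.swf";</script>',
  '<div class="box preserve"><object data="intro.swf"></object></div>',
  '<div class="preserved">editor may rewrite this</div>',
].join('\n');

console.log(protectedSpans(SAMPLE, [SCRIPT_BLOCK, PRESERVE_BLOCK]));

// In the page that loads CKEditor, register the patterns before the
// CKEDITOR.replace() call.
if (typeof CKEDITOR !== 'undefined') {
  CKEDITOR.config.protectedSource.push(SCRIPT_BLOCK, PRESERVE_BLOCK);
}
```

These patterns only control what the editor rewrites; as the answer notes, Kohana's global_xss_filtering acts on the submitted form data separately.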