Hi,
I’ve been using your TinyMCE plug-in for Rails very happily for a while now. I’ve run into one problem that I just can’t seem to solve and I’m slowly going bats.
I want to allow users to paste HTML forms into the TinyMCE editor. I realize the form tags are cleaned out prior to save in order to prevent XSS attacks, but after a lot of looking I found that TinyMCE will allow you to override what gets scrubbed out.
So I changed the default code for the controller (provided by the wiki example) from:
    uses_tiny_mce(:options => {
        :theme => 'advanced',
        :browsers => %w{msie gecko},
        :theme_advanced_toolbar_location => "top",
        :theme_advanced_toolbar_align => "left",
        :theme_advanced_resizing => true,
        :theme_advanced_resize_horizontal => false,
        :paste_auto_cleanup_on_paste => true,
        :theme_advanced_buttons1 => %w{formatselect fontselect fontsizeselect bold italic underline strikethrough separator justifyleft justifycenter justifyright indent outdent separator bullist numlist forecolor backcolor separator link unlink image undo redo},
        :theme_advanced_buttons2 => [],
        :theme_advanced_buttons3 => [],
        :plugins => %w{contextmenu paste}
      },
      :only => [:new, :edit, :show, :index])
To:
    uses_tiny_mce(:options => {
        :theme => 'advanced',
        :browsers => %w{msie gecko},
        :extended_valid_elements => "form[name|id|action|method|enctype|accept-charset|onsubmit|onreset|target],input[alt|border|id|name|type|value|size|maxlength|checked|accept|src|width|height|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect],textarea[id|name|rows|cols|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect],option[name|id|value],select[id|name|type|value|size|maxlength|checked|accept|src|width|height|disabled|readonly|tabindex|accesskey|onfocus|onblur|onchange|onselect|length|options|selectedIndex]",
        :theme_advanced_toolbar_location => "top",
        :theme_advanced_toolbar_align => "left",
        :theme_advanced_resizing => true,
        :theme_advanced_resize_horizontal => false,
        :paste_auto_cleanup_on_paste => false,
        :theme_advanced_buttons1 => %w{formatselect fontselect fontsizeselect bold italic underline strikethrough separator justifyleft justifycenter justifyright indent outdent separator bullist numlist forecolor backcolor separator link unlink image undo redo},
        :theme_advanced_buttons2 => [],
        :theme_advanced_buttons3 => [],
        :plugins => %w{contextmenu paste}
      },
      :only => [:new, :edit, :show, :index])
Unfortunately, that’s not doing what is expected. In fact, it’s not doing anything at all. In desperation I went to the public/tiny_mce.js directory and edited the extended_valid_elements attribute directly, but that had the same result… no change.
Anyone have any insights?
Joe
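
The allowlist in the post admits inline event-handler attributes (onsubmit, onfocus and so on) and URL-bearing attributes (action, src), which matter wherever the saved HTML is later rendered. As an added example, not part of Joe's post or the plug-in's code, this Ruby script audits such a rule string and rebuilds it without the on* attributes; the helper names, the URL_ATTRS list and the shortened sample string are assumptions made here.

```ruby
# Added example: audit a TinyMCE extended_valid_elements rule string.
# Handles the plain "element[attr|attr],element[...]" form used in the post.

# Attributes that carry a URL and need scheme checks on the server (assumed list).
URL_ATTRS = %w[action src href formaction].freeze

# Parse "form[name|id],input[type]" into { "form" => ["name", "id"], ... }.
def parse_rules(rule_string)
  rule_string.scan(/([^\[\],]+)\[([^\]]*)\]/).each_with_object({}) do |(element, attrs), rules|
    rules[element.strip.downcase] = attrs.split("|").map(&:strip).reject(&:empty?)
  end
end

# Attribute name without TinyMCE modifiers ("!src", "target=_blank" -> "src", "target").
def attr_name(attr)
  attr.sub(/\A!/, "").split(/[=:<]/, 2).first.to_s.downcase
end

# Inline event handlers are the attributes whose name starts with "on".
def event_handler?(attr)
  attr_name(attr).start_with?("on")
end

# Report, per element, which allowed attributes run script or carry URLs.
def audit(rule_string)
  parse_rules(rule_string).each_with_object({}) do |(element, attrs), report|
    handlers = attrs.select { |a| event_handler?(a) }
    urls = attrs.select { |a| URL_ATTRS.include?(attr_name(a)) }
    report[element] = { handlers: handlers, urls: urls } unless handlers.empty? && urls.empty?
  end
end

# Rebuild the rule string with every on* attribute removed.
def without_handlers(rule_string)
  parse_rules(rule_string).map do |element, attrs|
    "#{element}[#{attrs.reject { |a| event_handler?(a) }.join('|')}]"
  end.join(",")
end

# Rule string shortened from the one in the post (constructed sample).
SAMPLE = "form[name|id|action|method|onsubmit|onreset|target]," \
         "input[id|name|type|value|src|onfocus|onblur|onchange|onselect]," \
         "option[name|id|value]"

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each { |el, r| puts "#{el}: handlers=#{r[:handlers].join(',')} urls=#{r[:urls].join(',')}" }
  puts without_handlers(SAMPLE)
end
```

The editor's element rules run in the browser, so whatever they allow, the saved HTML still has to pass the application's own server-side sanitizer before it is rendered to other users.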