#9874 closed enhancement (wontfix)
extended and invalid elements for tinymce
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.8 |
Component: | TinyMCE | Keywords: | |
Focuses: | Cc: |
Description
I've this code, which currently resides in a plugin:
add_filter('tiny_mce_before_init', array('sem_fixes', 'tiny_mce_config')); function tiny_mce_config($o) { # http://forum.semiologic.com/discussion/4807/iframe-code-disappears-switching-visualhtml/ # http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements#Full_XHTML_rule_set # assume the stuff below is properly set if they exist already if ( current_user_can('unfiltered_html') ) { if ( !isset($o['extended_valid_elements']) ) { $elts = array(); $elts[] = "iframe[align<bottom?left?middle?right?top|class|frameborder|height|id" . "|longdesc|marginheight|marginwidth|name|scrolling<auto?no?yes|src|style" . "|title|width]"; $elts = implode(',', $elts); $o['extended_valid_elements'] = $elts; } } else { if ( !isset($o['invalid_elements']) ) { $elts = array(); $elts[] = "iframe"; $elts[] = "script"; $elts[] = "form"; $elts[] = "input"; $elts[] = "button"; $elts[] = "textarea"; $elts = implode(',', $elts); $o['invalid_elements'] = $elts; } } return $o; } # tiny_mce_config()
basically, users were complaining about being enable to insert an iframe in TinyMCE -- among many other things. shouldn't the above two be default settings?
if so, just let me know and I'll write the patch. if not, please close as invalid/wontfix.
Change History (4)
Note: See
TracTickets for help on using
tickets.
Many users copy and paste content from web pages and that usually inserts a number of html tags and styling without them realizing it (depending on the browser). Since the <iframe> has some security risks, better to enable it only for users that require it (via a plugin).
Also <iframe> is invalid in both HTML 4.1 Strict and XHTML 1.0 Strict and many themes use the strict DTD.
We can match the restrictions from kses in
invalid_elements
for non-admin users, although it would probably bring some "the editor mangles my code" complains.