6

我一直在阅读官方文档和博客文章以及 SO 几个小时,肯定会在某个地方发布答案......但没有运气。

似乎没有多少摆弄任何配置。阻止 tinymce 在我的输入/提交<p>元素上剥离内联“样式”属性。我需要所有输入元素的“样式”属性..但我只是从测试开始,<p>甚至让它工作。

  • tinymce 版本 3.5b3

这是我的配置的最新迭代。(在许多变化/尝试中):

tinyMCE.init({
    mode : "textareas",
    theme : "advanced",

    plugins : "emotions,spellchecker,advhr,insertdatetime,preview,paste,table,media,directionality,style,xhtmlxtras,nonbreaking,pagebreak", 

    theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,formatselect,fontselect,fontsizeselect",
    theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
    theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,ltr,rtl",
    theme_advanced_buttons4 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,nonbreaking,pagebreak",

    theme_advanced_toolbar_location : "top",
    theme_advanced_toolbar_align : "left",
    theme_advanced_statusbar_location : "bottom",
    theme_advanced_resizing : true,

    doctype : "<!DOCTYPE html>",

    convert_urls : false,

    //template_external_list_url : "gen4tinymce/lists/template_list.js",
    external_link_list_url : "gen4tinymce/lists/link_list.js",
    //media_external_list_url : "gen4tinymce/lists/media_list.js",

    valid_elements : "@[id|class|style|title|dir<ltr?rtl|lang|xml::lang],"
    + "a[rel|rev|charset|hreflang|tabindex|accesskey|type|"
    + "name|href|target|title|class],strong/b,em/i,strike,u,"
    + "#p[style],-ol[type|compact],-ul[type|compact],-li,br,img[longdesc|usemap|"
    + "src|border|alt=|title|hspace|vspace|width|height|align],-sub,-sup,"
    + "-blockquote,-table[border=0|cellspacing|cellpadding|width|frame|rules|"
    + "height|align|summary|bgcolor|background|bordercolor],-tr[rowspan|width|"
    + "height|align|valign|bgcolor|background|bordercolor],tbody,thead,tfoot,"
    + "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor"
    + "|scope],#th[colspan|rowspan|width|height|align|valign|scope],caption,-div,"
    + "-span,-code,-pre,address,-h1,-h2,-h3,-h4,-h5,-h6,hr[size|noshade],-font[face"
    + "|size|color],dd,dl,dt,cite,abbr,acronym,del[datetime|cite],ins[datetime|cite],"
    + "object[classid|width|height|codebase|*],param[name|value|_value],embed[type|width"
    + "|height|src|*],map[name],area[shape|coords|href|alt|target],bdo,"
    + "button,col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|"
    + "valign|width],dfn,fieldset,form[action|accept|accept-charset|enctype|method],"
    + "input[accept|alt|checked|disabled|maxlength|name|readonly|size|src|type|value],"
    + "kbd,label[for],legend,noscript,optgroup[label|disabled],option[disabled|label|selected|value],"
    + "q[cite],samp,select[disabled|multiple|name|size],small,"
    + "textarea[cols|rows|disabled|name|readonly],tt,var,big",

    extended_valid_elements : "p[style]",
    inline_styles : true,
    verify_html : false
});

感谢您的任何建议!

4

4 回答 4

13

正如 Thariama 所指出的,tinymce 没有错……但我不知道所有 CodeIgniter$config['global_xss_filtering'] = TRUE;在做什么。如果您发现您遇到同样的问题,这就是我的解决方法;请在此处查看: Codeigniter - 基于帖子禁用 XSS 过滤

于 2012-04-25T03:07:05.787 回答
3

这个小提琴表明您的 tinymce 配置绝对完美:所有元素都允许样式属性,它不会被剥离。

于 2012-04-24T07:20:18.557 回答
0

你可以尝试一个ajax请求,像这样

$("#submit").click(function(e) {
    ie8SafePreventEvent(e);
    var form_data = $("#form").serialize();
    var content = $.base64.encode(tinyMCE.activeEditor.getContent());
    $.ajax({
        type: "POST",
        url: "/your/post/processor",
        data: form_data + "&coded_content=" + content,
        success: function(return_msg){
            do_something
            },
        error: function(){
            alert("Sorry, we got an error, try later");
            }
        });
    });

显然在你的控制器中你必须base64decode ...

于 2012-12-27T00:45:02.110 回答
0

我也在使用 CodeIgniter,虽然我确实设置$config['global_xss_filtering'] = false;了样式属性,但我仍然遇到了问题。因此,如果没有一个解决方案适合您,您可以尝试在提交时将 tinyMCE 数据编码为 base64 并使用 Javascript 将其放置在隐藏字段中:

$('#hiddenField').val(window.btoa(tinyMCE.get('tinyMCEtextareaID').getContent()));

这样您就可以保留原始字符串,并且可以使用以下方法在 PHP 中轻松解码:

$htmlstring = base64_decode($_POST['hiddenField']);
于 2016-11-25T11:26:04.723 回答