1

I am using CKEditor to post formatted text into the MySQL database. When I post, it converts the iframe into encoded HTML as if using htmlspecialchars, but leaves the rest of the HTML code OK.

What I get:

<p>&lt;iframe frameborder=&quot;0&quot; scrolling=&quot;no&quot; src=&quot;http://php.net/manual/en/function.mysql-real-escape-string.php&quot;&gt;&lt;/iframe&gt;</p>

<p>&nbsp;</p>

<ul>
 <li>hi lol</li>
 <li>wow</li>
 <li>yaya</li>
</ul>

vs what I want:

<p><iframe frameborder="0" scrolling="no" src="http://php.net/manual/en/function.mysql-real-escape-string.php"></iframe></p>

<p>&nbsp;</p>

<ul>
 <li>hi lol</li>
 <li>wow</li>
 <li>yaya</li>
</ul>

This causes it to appear as html code rather than rendering the iframe on the page.

I know it is not the mysql that has the problem because when I store it directly through the phpmyadmin it lets it show fine on the page, rendering the iframe.

Also, the same thing happened in TinyMCE, so it may be a server permission thing; I don't know.

4

1 Answer

2

The editor is protecting against Cross Site Scripting attacks. A little searching turned up the correct way to add an iframe with ckeditor.

Answered 2012-12-19T21:25:03.667
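
If iframes are allowed through the editor, the XSS check the answer mentions has to be repeated on the server before the stored HTML is rendered. The following is an added example, not part of the original question or answer: a server-side check of an iframe `src` against a host allowlist. The function names and the allowlist entries are hypothetical.

```javascript
// Added example. ALLOWED_IFRAME_HOSTS is a constructed allowlist, not from the page.
const ALLOWED_IFRAME_HOSTS = new Set(['php.net', 'www.youtube.com']);

// Returns the normalized URL if `src` is acceptable as an iframe source, else null.
function checkIframeSrc(src, allowedHosts = ALLOWED_IFRAME_HOSTS) {
  if (typeof src !== 'string') return null;
  // Browsers silently drop tabs and newlines inside URLs; reject instead of guessing.
  if (/[\u0000-\u001f\u007f]/.test(src)) return null;
  const trimmed = src.trim();
  // Require an explicit absolute http(s) URL. This excludes javascript:, data:,
  // relative paths and protocol-relative ("//host/...") values.
  if (!/^https?:\/\//i.test(trimmed)) return null;
  let url;
  try {
    url = new URL(trimmed);
  } catch {
    return null; // not parseable as a URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password) return null; // "trusted.host@other.host" confusion
  if (url.port) return null;                     // default ports only
  // Exact hostname match: a suffix or substring test would accept
  // "php.net.attacker.example".
  if (!allowedHosts.has(url.hostname)) return null;
  return url.href;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Rebuild the iframe from the validated URL only; any other attributes the
// client submitted are discarded. Returns '' when the source is rejected.
function renderIframe(src, allowedHosts = ALLOWED_IFRAME_HOSTS) {
  const safe = checkIframeSrc(src, allowedHosts);
  if (safe === null) return '';
  return `<iframe src="${escapeAttr(safe)}" sandbox="allow-scripts"></iframe>`;
}
```

Rebuilding the tag from the validated URL, rather than passing the submitted markup through, means event-handler attributes or `srcdoc` on the original tag never reach the page.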