Hello!
I'm trying to do this: if the page to be edited contains a script (not necessarily a JavaScript script, I'm dealing with custom formats), an icon shall appear in the WYS-editor where the script is. A double click will pop up a script editor. The script shall still available for editing in the source editor.
My idea was to use a fakeobject, but when trying to filter the script element (with editor.dataProcessor.dataFilter), the script is already protected (converted to comment).
My code can actually work with protected code, but I'd like to know if there is a way to change this transformation sequence, and processing the code before it's protected.
I tried to change the priority when registering the filter rule, but it doesn't change anything.
Any help is appreciated
Thanks!
~Aki
Tue, 08/10/2010 - 16:30
#1
Re: Filtering scripts before protection
Re: Filtering scripts before protection
Sure I'll explain briefly my situation: we're using CKEditor for editing existing files, with of course the ability to save. In these files, they may be present special kind of script tags - and its content shall be modified via our plugin.
They are not JavaScripts, and aren't currently supported by today's browsers, so there is no a real need to prevent their execution. Anyway, CKEditor do protect them by converting (encoding) the whole script tag inside a comment. After some testing, I ended up by handling directly the comments, so that CKEditor could continue working on them as usual.
My code actually takes comments, un-protects them, allows the user to edit the content and, when done, re-encode them.
As I said before, the protection of the comment happens before the html parsing. This results in protected script tags to be available as comments:
Re: Filtering scripts before protection
I see you're using a filter priority of 2. Have you played with this number? Raising that (Try 10) might give your filter priority over whatever filter is "commenting out" the script (Beware that it might also return it as a data type other than 'comment' then). You can play around in Firebug to see what's actually coming through. Otherwise, there should be no reason that you can't use fakeObjects just like in the flash plugin.
Re: Filtering scripts before protection
Afaik, the script tag can't be removed from the protectedSource array, but I can't find the source right now and maybe I'm recalling wrong. Anyway no, I didn't.
EDIT: oh, yeah. Found the source: looking at plugins/htmldataprocessor/plugin.js function protectSource, the script and noscript tags are automatically appended to the protection regexes. I think I filed a bugreport for this, but was marked as non important and thus unknown resolving time. /EDIT
EDIT2 comp615, do you know how to un-protect the script tag? If you do, can you please provide a working example? Thanks for your help anyway /EDIT2
I tested both with low (0-1-2) and high (10-100) priorities, but it doesn't seems to change. Anyway it's a min priority queue, i.e. low priorities are executed first:
"Found comment 2" happens always before comment 1, Q.E.D.
Re: Filtering scripts before protection
Alternatively, (And better in terms of figuring out if this is actually your problem) Just edit them out of the htmlprocessor then.
Re: Filtering scripts before protection
The problem is that the regexes for protecting script are inserted in the array just before protection occurs, and they are applied BEFORE any regex I may insert:
Yes, I thought about this solution... But I don't really like to patch the source (as this could lead to hard-to-find bugs when updating the code, as not everyone reads the documentation). This is why I preferred to work with comments (but well, it's a bad solution as it depends on the source, too, although it's not intrusive).
Anyway, this was the past: the current situation is that I've to work on scripts and insert fake objects, so protection is no longer necessary and those regexes can be placed in the configuration.
I'm trying this approach now, I'll post the results asap.
Thanks for your help
~Aki
Re: Filtering scripts before protection
Ok, succes
I'm sure it's not finished and bugs are present, but the fake element is present, code is saved successfully and (apparently) it's not messed up in firefox (script protection seems to be necessary for IE, which executes the script in WYS mode, and firefox, which someway modifies the code). I don't have IE for testing.
Anyway, html filtering happens before entering the WYS mode, so the conversion script->fakeobj shall be done before IE and Firefox have the opportunity to do their dirty jobs. So I THINK the code shall be safe.
It's pretty easy, anyway:
1. Comment this line in the plugins/htmldataprocessor/plugin.js:
Re: Filtering scripts before protection
To akiross: where do you put the script that do the fakeElement ? is it in ckeditor/_source/plugins/yourplugins/plugin.js ?
I tried your approach to fix my problem but no luck until now. More information is @ viewtopic.php?f=11&t=19758 if you have a chance to look @ it. Nothing happens when I insert <script> tag. I guess I might place script in wrong place or the css not working.
Thanks
Re: Filtering scripts before protection
Re: Filtering scripts before protection
Re: Filtering scripts before protection
I follow your instruction and it still does not work for me. There are no javascript errors. Something is going so wrong with dataFilter in afterInit, the alert('script present') is not executed. The text I input is simply '<script> alert('javascript') </script>'. The text is inserted in the ckeditor display successfully. Help is greatly appreciated.
Re: Filtering scripts before protection