CKEditor 4
Tue, 07/20/2010 - 21:59
#1
akiross
akiross's picture
Joined: 21/06/2010
Posts: 45

[SOLVED] How to handle protected script tags?

Hello,
I'm using ckeditor to edit a file with custom tags. In particular, there is a script tag with a particular kind of script (that's not a type="text/javascript" script tag) and the browser is actually unable to process it (afaik, so, there is actually no danger in accidentally executing it).

I need to correctly have that tag inside the document structure, because I need to read the script content and use it in the editor's processing. Now, when I read the document source, the script is <!-- {cke_protected} ... -->, which which is no good for me.

How can I avoid protection of my particular type="blah" of script tags? Or how can I un-protect the tags explicitly?

Thanks.

~Aki
Top
Tue, 07/20/2010 - 22:07
comp615
comp615's picture
Joined: 02/07/2010
Posts: 295

Re: How to handle protected script tags?

ProtectedSource?
Top
Tue, 07/20/2010 - 22:16
akiross
akiross's picture
Joined: 21/06/2010
Posts: 45

Re: How to handle protected script tags?

Ok, but how do I remove the existing regex for script tags? Is it indexed someway?

Thanks
Top
Tue, 07/20/2010 - 22:41
comp615
comp615's picture
Joined: 02/07/2010
Posts: 295

Re: How to handle protected script tags?

It's a standard JS stack I think. In theory you could pop all the existing ones off. Actually, it looks more to me like you want a single exception to the standard script protection, so all you'd need to do is alter the existing regex pattern (No idea where it is...try searching?) to exclude the properties your scripts have.
Top
Wed, 07/21/2010 - 16:37
akiross
akiross's picture
Joined: 21/06/2010
Posts: 45

Re: How to handle protected script tags?

From plugins/htmldataprocessor/plugin.js

      var regexes =
         [
            // Script tags will also be forced to be protected, otherwise
            // IE will execute them.
            ( /<script[\s\S]*?<\/script>/gi ), // This is it!!

            // <noscript> tags (get lost in IE and messed up in FF).
            /<noscript[\s\S]*?<\/noscript>/gi
         ]
         .concat( protectRegexes );


The script protection is not loaded explicitly in the protectedSource array, actually:

config.protectedSource.indexOf(/<script[\s\S]*?<\/script>/gi); // returns -1

But that's the right source, because commenting it results in unprotected script tags.
Now I'm using a modified source, commenting that script regex, but I think it's wrong so I'm proposing a change, so I filed a ticket: http://dev.ckeditor.com/ticket/6002

Thanks for the help
~Aki

Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check