hello dear ckeditor users,
I want to make sure that no user can type in javascript code in the editing area
of the ckeditor, version 3+.
For example:
some normal text
<script language="JavaScript">
alert('hello');
</script>
some more normal text
So my problem is to automatically remove or uncomment the javascript code.
So far I have tried configuration options like 'removeFormatTags', but this seems to
be not the right place...
Is there such a configuration option for the ckeditor or does anybody have
an idea of how to solve this problem without big effort?
The user may key in the text letter by letter but may also paste it from the clipboard.
Any help would be great.
Best regards
toller43
I want to make sure that no user can type in javascript code in the editing area
of the ckeditor, version 3+.
For example:
some normal text
<script language="JavaScript">
alert('hello');
</script>
some more normal text
So my problem is to automatically remove or uncomment the javascript code.
So far I have tried configuration options like 'removeFormatTags', but this seems to
be not the right place...
Is there such a configuration option for the ckeditor or does anybody have
an idea of how to solve this problem without big effort?
The user may key in the text letter by letter but may also paste it from the clipboard.
Any help would be great.
Best regards
toller43
Re: disable javascript code in editing area (textarea)
Re: disable javascript code in editing area (textarea)
That kind of protection can't be done at the client side (if you really want it to be a protection). Use a script like HTML Purifier instead.
Re: disable javascript code in editing area (textarea)
thank you for your reply.
For some technical reasons, I cannot use your way to solve this problem...
I would like to stress that my problem also is that you can hide things in the
editing area by inserting javascript code.
When you wrap a text fragment you want to hide by a javascript tag, you can
enter text the user will never see. You can access the hidden text only, if you
switch to source view. But what do you do when the menu bar for the ckeditor
does not show the source view button?
Best regards
toller43
Re: disable javascript code in editing area (textarea)
How do you plan to take care of all of them?