I created a custom 'Save' plugin that saves the editor's contents via Ajax. The plugin is active in both source and in wysiwyg mode.
Obtaining the contents of the editor is easy enough using the editor.getData() method.
However, the fullPage flag is not being honored when editor.getData() is called while in source mode. That is, user entered HTML, HEAD and BODY tags are not being removed.
If the user toggles to wysiwyg mode and then presses 'Save', editor.getData() works as expected and honors the fullPage flag by removing HTML, HEAD and BODY tags.
Is there a way to sanitize the content obtained from the editor when in WYSIWYG mode?
I searched and thought editor.dataProcessor.toDataFormat(editor.getData()) would work but it did not.
Obtaining the contents of the editor is easy enough using the editor.getData() method.
However, the fullPage flag is not being honored when editor.getData() is called while in source mode. That is, user entered HTML, HEAD and BODY tags are not being removed.
If the user toggles to wysiwyg mode and then presses 'Save', editor.getData() works as expected and honors the fullPage flag by removing HTML, HEAD and BODY tags.
Is there a way to sanitize the content obtained from the editor when in WYSIWYG mode?
I searched and thought editor.dataProcessor.toDataFormat(editor.getData()) would work but it did not.
Re: getData() does not honor fullPage flag
Re: getData() does not honor fullPage flag
editor.getData() will return the same and not honor the fullPage flag.
If I then switch to WYSIWYG mode, then back to source mode, the following markup will show
and editor.getData() will return the desired markup
How can I simulate this using built-in methods without having to toggle back and forth?
I know I can sanitize the output server side using regex but I feel that CKEDITOR already sanitizes it for me.
Worst case scenario I can restrict the saving to WYSIWYG mode.
Re: getData() does not honor fullPage flag
And if you want to do the process of converting from "data" to "internal html" and back to "data", then you'll have to check how it's done internally, but I don't think that you can do it (at least not really the same way) if you don't wait for the iframe to load so you end up with an asynchronous operation.
If you want to do it, then check the source because I don't think that there are too many people that have been bothered about this, so maybe no one can give you an answer.