input filter spoils html code in group description
- Algernon
- OFFLINE
-
New Member
- Posts: 3
- Thanks: 0
- Karma: 0
12 years 11 months ago - 12 years 11 months ago #162987
by Algernon
input filter spoils html code in group description was created by Algernon
Hello!
I've found a strange behaviour - when writing a group description using a wysiwyg editor the engine stores in DB html code with soem spoiled tags. In my case it has removed all spaces in "alt" and "title" attributes of <img> tag and also in "style" section of <img>.
As a temporary solution for myself i have commented rows:
In
admin.groupjive.php (function saveGroupEdit)
and
component.groupjive.php (function saveGroupEdit)
(i have edit group description using the backend interface).
If u can simulate the same behaviour please give ur comments - is this a bug or smth else.
Thank you!
I've found a strange behaviour - when writing a group description using a wysiwyg editor the engine stores in DB html code with soem spoiled tags. In my case it has removed all spaces in "alt" and "title" attributes of <img> tag and also in "style" section of <img>.
As a temporary solution for myself i have commented rows:
cbimport( 'phpinputfilter.inputfilter' );
$filter = new CBInputFilter( array(), array(), 1, 1, 1 );
$row->description = trim( $filter->process( $row->description ) );In
admin.groupjive.php (function saveGroupEdit)
and
component.groupjive.php (function saveGroupEdit)
(i have edit group description using the backend interface).
If u can simulate the same behaviour please give ur comments - is this a bug or smth else.
Thank you!
Last edit: 12 years 11 months ago by Algernon.
Please Log in to join the conversation.
krileon
Team Member- ONLINE
- Posts: 68508
- Thanks: 9084
- Karma: 1434
12 years 11 months ago #163032
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: input filter spoils html code in group description
The filtering is designed to purge possible vulnerabilities, this is not a bug. A current bug however fixed for next release is GJ not properly adding whitelisted tags from CB configuration. As far as I am aware the only attributes removed by the filtering is action, background, codebase, dynsrc, and lowsrc. The results you see in GJ is the results you'd see in an editor textarea fieldtype (after next release with whitelisting fixed).
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.610 seconds
-
You are here:
- Home
- Forums
- Archive
- GroupJive
- Potential Bugs
- input filter spoils html code in group description