Issues with the editor

Hi all,

I have an issue which is baffling to me.  On my 1.8.8 site members are unable to paste content in their posts.  This used to work but I'm not sure what has happened.  While in the editor when one copies from word, powerpoint or a formatted document and pastes it looks fine but once posted nothing shows.  I copied a jpeg image from the Internet and was able to paste it and view it but a word document with formatting that includes graphs and tables will not display.  I see some of the text but not the whole document and certainly no graphs and tables.  Before, I had a blog post in which I pasted screen captures to illustrate my subject and it displayed well.  I replaced tinyMCE with tinyMCE Extended 1.8 but the result is the same.

It's very frustrating.  I don't see anything in the logs that will tell me what is happenning.  The only things I did recently was to install Profile manager, roles and roles for profile manager plugins.  To make upload users work I applied the patch to access.php in engine/lib.

Could any of these actions have cause this problems?

  • I'm fairly certain this was caused by the Htmlawed library upgrade in 1.8.7. Htmlawed no longer allows "data:" URLs by default (removed because it's an avenue for XSS). I'm sorry you were relying on that feature (browser auto-converting visual content to <img src="data:...">), but it was insecure unless you run a private network where you trust all users.

    You'll have to manually convert content to images and upload them via the embed functionality when creating your post.

  • Is it only not working when pasting formated content from a MS Office application or does pasting content does not work in general? Have you tried different browsers?

    I just made a test on Elgg 1.8.8 using the latest version of my extended tinymce plugin (which includes the latest available version of the editor). As I'm on linux I pasted text including a table from Libre Office and it worked without any issues, i.e. the table, font style and family remained correct after saving.

    With the Elgg core tinymce plugin I would rather suspect the issue is caused by the tinymce editor itself (version 3.4.7 is included while current version is 3.5.7). The latest version of the tinymce editor might have the issue fixed already.

  • I think @Osay was pasting/dragging images right into the editor and Chrome was turning them into IMG elements with data URLs. I know for certain that worked on Chrome/OSX in an older TinyMCE. Data URLs are one of those nice HTML5 features that just can't be trusted where XSS is a concern. 

    Htmlawed does have configuration plugin hook where you could re-enable it, but again, you'd be re-enabling a XSS vector!

  • I tried as well, and could paste a word document with styling, tables and everything. On windows and Mac

    May be a third party plugin interfering with tinymce?

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Thanks everyone for your replies.   @iionly, as I noted in the post I've tried pasting content from M$ Word and M$ PowerPoint with the same result.  As for the editor I replaced TinyMCE with TinyMCE Extended and it's at version 3.5.7.  I tend to think @steveclay is right about the Htmlawed library.  I'll play with it just to satisfy myself that this is or not the case.


    @rjcalifornia, what version of tinymce are you using?  Any ideas what type of third party plugin can cause this kind of problem?  What about the issue with Htmlawed?  When I try to paste I do see the "<table>" tag for the table but nothing appears in display.  The rest of the text is "<p>" tagged.What I remember doing before this happened was installing the plugins for user and group upload via CSV which required profile manager and role plugins as well, plus the patch to access.php.  Will update if I find something new.

  • I still don't fully understand what exactly is NOT working for you. You said you tried pasting content from MS Word and MS Powerpoint and you mentioned pasting images.

    I guess by pasting images you refer to images available on the Internet (as pasting local images surely does not work - and never did). I think the image pasting issue is quite likely due to changes in htmlawed (but it still works to insert images via the "Insert/edit image" button of the tinymce editor).

    With pasting formated content from MS Office programs I don't think it's an htmlawed issue. It works for rjcalifornia and it works for me (though I tested with LibreOffice). I would rather suspect an broweser issue (or maybe even a not yet fixed bug in the tinymce editor). It could also depend on the version of MS Office and even Windows used. I would suggest to try different browesers. Also, with the extended tinymce plugin you can try to paste content using the "Paste from Word" button. It could be that by using this option some faulty html tags introduced by MS Office get cleaned by the tinymce plugin during saving the posting.

  • My guess is he was relying on this functionality. TinyMCE will show you the IMGs created, but Htmlawed will strip the src attributes on input. @Osay, make sure you don't disable htmlawed!

  • @Osay I have no idea then. As iionly said, you can only paste internet images, not local images. As far of MS Office styling, it works on firefox, safari, chrome, Konqueror, Fluid, SeaMonkey on Windows, Linux and Mac.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Pasting of Internet images works with no issues.  I've tried pasting the formatted documents using Firefox, Chrome and IE and I get the same issue, the formatting is stripped, tables appear as place holders, any images embedded in the document are missing.  In edit mode they're there but once I post to be viewed they disappear.  I asked a colleague to try from their PC and the result is the same with the three browsers.

    Pasting a screen capture doesn't work either.  I'm using MS Office 2010.  The paste from word option results in the same behaviour.  Even copy paste from PDF does not work.  I'm miffed.  Is there any way I can capture the behaviour in a log file?  I've seen debug somewhere but have not investigated it.

  • @Osay. After you paste the content into TinyMce, hit the "HTML" button to see the source. My guess is you'll see the images represented like this. Nothing with attribute="data:..." will save on the server due to the risk of XSS.

    If we could only ease the limitations for IMG (I don't know if this is possible with Htmlawed) it would be mostly safe, but also a very ineffecient method of serving images for your server. Also there's I think a 64K limitation on text inputs in Elgg right now. Base64 encoding increases image size dramatically so you'd frequently bump into that limitation when pasting large images, and the truncation to 64K could break things.