I've recently upgraded from 1.7 where I allowed extended elements such as iframe, table, and swf to be embedded in users blogs, pages, and comments etc. In Elgg 1.8, I am not able to do this.
I have changed the /mod/tinymce/views/default/js/tinymce.php file to allow these (and it shows up correctly in the little editor frame) but when I save, they all get stripped. Is there another file in elgg's core that I must edit to allow users to post such things in their blog posts and comments?
P.S. I realize it is dangerous, but I still desire to do so anyway
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Matt Beckett@Beck24
Matt Beckett - 0 likes
- leahb1990@leahb1990
leahb1990 - 0 likes
- Steve Clay@steve_clay
Steve Clay - 0 likes
- Steve Clay@steve_clay
Steve Clay - 0 likes
You must log in to post replies.You need to look at the htmlawed plugin, it filters input. There are hooks you can use to change some functionality without outright disabling it.
@Matt - Do you know which particular file to edit in HTMLawed.... and whihc particular hook do you mean
for example, this was the code i editted in tnymce
<!-- include tinymce -->
mod/tinymce/tinymce/jscripts/tiny_mce/tiny_mce.js">
<!-- intialise tinymce, you can find other configurations here http://wiki.moxiecode.com/examples/tinymce/installation_example_01.php -->
tinyMCE.init({
mode : "textareas",
theme : "advanced",
theme_advanced_buttons1 : "bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo,link,unlink,image,blockquote,code",
theme_advanced_buttons2 : "",
theme_advanced_buttons3 : "",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
extended_valid_elements : "a[name|href|target|title|onclick],iframe[height|width|src],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],
hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
maybe there is more I need to do within that plugin in too...?
The htmlawed plugin passes the Htmlawed library configuration variable through the plugin hook [config, htmlawed]. In your plugin, you would handle that hook and make the necessary changes. No need to alter any core files.
You should also override the js/tinymce view rather than modifying the core. :)