on 11-05-2016 7:16 AM
OK, I have seen this question asked here before by several people. The problem is that it removes all HTML tags; for example, if I add an iframe to embed a YouTube video, when I click on "Ok" to update, all HTML code is removed.
Something is weird in Hybris 5.7: the WYSIWYG editor does NOT work if hybris is deployed on Linux, but IT WORKS if deployed on Windows.
In this test, the source code is exactly the same and both are connected to the same database. The only difference is the operating system.
See the following screencast I've prepared so you can understand what I'm talking about:
http://www.screencast.com/t/c2twusBtd
What's up with Linux? Is there any library required there, or what is happening?
Thanks Jafet
FYI this is how I fixed the problem
```properties
hac.xss.filter.enabled=false
cmscockpit.xss.filter.enabled=false
hmc.xss.filter.enabled=false
productcockpit.xss.filter.enabled=false
# THIS ONE WAS MISSING
btgcockpit.xss.filter.enabled=false
```
Hello Jafet,
Can you try modifying the WYSIWYG editor in hmc.xml for a particular attribute in an itemtype? So, I have enabled certain HTML tags which won't be removed after I save in the WYSIWYG editor.
```xml
<attribute name="htmlPage">
<wysiwygeditor config="theme : 'advanced',
allow_script_urls : true,
convert_urls : false,
plugins : 'table,save,advhr,advimage,advlink,emotions,iespell,insertdatetime,searchreplace,print,contextmenu,hybris,safari',
theme_advanced_buttons1_add : 'fontselect,fontsizeselect',
theme_advanced_buttons2_add : 'separator,insertdate,inserttime,separator,forecolor,backcolor',
theme_advanced_buttons2_add_before: 'cut,copy,paste,separator,search,replace,separator',
theme_advanced_buttons3_add_before : 'tablecontrols,separator',
theme_advanced_buttons3_add : 'emotions,iespell,advhr,separator,medialink,anyitemlink',
theme_advanced_toolbar_location : 'top',
theme_advanced_toolbar_align : 'left',
plugin_insertdate_dateFormat : '%Y-%m-%d',
plugin_insertdate_timeFormat : '%H:%M:%S',
valid_elements: '+a[id|style|rel|rev|charset|hreflang|dir|lang|tabindex|accesskey|type|name|href|target|title|class|onfocus|onblur|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup],-strong[class|style],-b[class|style],-em[class|style],-i[class|style],-strike[class|style],-u[class|style],#p[id|style|dir|class|align],-ol[class|style],-ul[class|style],-li[class|style],br,img[id|dir|lang|longdesc|usemap|style|class|src|onmouseover|onmouseout|border|alt=|title|hspace|vspace|width|height|align],-sub[style|class],-sup[style|class],-blockquote[dir|style],-table[border=0|cellspacing|cellpadding|width|height|class|align|summary|style|dir|id|lang|bgcolor|background|bordercolor],-tr[id|lang|dir|class|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor],tbody[id|class],thead[id|class],tfoot[id|class],-td[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|bgcolor|background|bordercolor|scope],-th[id|lang|dir|class|colspan|rowspan|width|height|align|valign|style|scope],caption[id|lang|dir|class|style],-div[id|dir|class|align|style],-span[style|class|align],-pre[class|align|style],address[class|align|style],-h1[id|style|dir|class|align],-h2[id|style|dir|class|align],-h3[id|style|dir|class|align],-h4[id|style|dir|class|align],-h5[id|style|dir|class|align],-h6[id|style|dir|class|align],hr[class|style],-font[face|size|style|id|class|dir|color],dd[id|class|title|style|dir|lang],dl[id|class|title|style|dir|lang],dt[id|class|title|style|dir|lang]',
extended_valid_elements : '+link[rel|type|href],+script[language|type|src],a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style],style[*],embed[width|height|name|flashvars|src|bgcolor|align|play|loop|quality|allowscriptaccess|type|pluginspage],iframe[src|width|height|name|align]',
" />
</attribute>
```
Internally, hybris uses TinyMCE. Refer to the wiki link.
If you want to enable all HTML elements, then the config mentioned below can be used.
```
valid_elements : '*[*]'
```
And to prevent the web-related security setting from applying REJECT or STRIP to the content, please modify the following XSS settings:
```properties
# enable globally
xss.filter.enabled=true
# override per extension:
# hac.xss.filter.enabled=false

# define action on violation matching globally
# STRIP .. strips all text occurrences which match the patterns below but allow
# processing the request (default)
# REJECT.. if any pattern matches the whole request gets rejected with the BAD REQUEST
# error code
xss.filter.action=STRIP
# override per extension
# hac.xss.filter.action=REJECT

# our default rules
xss.filter.rule.script_fragments=(?i)<script>(.*?)</script>
xss.filter.rule.src=(?ims)[\\s\r\n]+src[\\s\r\n]*=[\\s\r\n]*'(.*?)'
xss.filter.rule.lonely_script_tags=(?i)</script>
xss.filter.rule.lonely_script_tags2=(?ims)<script(.*?)>
xss.filter.rule.eval=(?ims)eval\\((.*?)\\)
xss.filter.rule.expression=(?ims)expression\\((.*?)\\)
xss.filter.rule.javascript=(?i)javascript:
xss.filter.rule.vbscript=(?i)vbscript:
xss.filter.rule.onload=(?ims)onload(.*?)=
# again, override per extension
# hac.xss.filter.rule.vbscript=
```
Thanks & Regards
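
Added example, not part of the original reply and not hybris or TinyMCE code: a small parser for the `valid_elements` / `extended_valid_elements` syntax used in the answer above, listing the entries that permit script-capable markup so an allowlist can be reviewed before it goes into hmc.xml. The `ACTIVE_ELEMENTS` set, the function names and the shortened `EXCERPT` string are assumptions of this example.

```python
import re

# Elements this example treats as able to load or run active content (assumption).
ACTIVE_ELEMENTS = {"script", "iframe", "embed", "object", "style", "link"}

# Shortened excerpt of the extended_valid_elements value from the answer.
EXCERPT = ("+script[language|type|src],a[name|href|target|title|onclick],"
           "img[class|src|border=0|alt|onmouseover|onmouseout],"
           "span[class|align|style],iframe[src|width|height|name|align]")

def parse_rules(spec):
    """Split an allowlist string into [(element, [attribute names])]."""
    rules = []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        # Optional +, - or # prefix, element name, optional [attr|attr|...]
        m = re.fullmatch(r"[+\-#]?([^\[\]]+)(?:\[([^\]]*)\])?", item)
        if not m:
            raise ValueError("unparsable rule: " + item)
        # Drop default/forced/valid-value suffixes such as border=0 or alt=
        attrs = [re.split(r"[=:<]", a, maxsplit=1)[0].strip().lower()
                 for a in (m.group(2) or "").split("|") if a.strip()]
        rules.append((m.group(1).strip().lower(), attrs))
    return rules

def audit(spec):
    """Return (element, finding) pairs for entries worth a manual review."""
    findings = []
    for element, attrs in parse_rules(spec):
        if element == "*":
            findings.append((element, "any element allowed"))
        elif element in ACTIVE_ELEMENTS:
            findings.append((element, "active-content element allowed"))
        for attr in attrs:
            if attr == "*":
                findings.append((element, "any attribute allowed"))
            elif attr.startswith("on"):
                findings.append((element, "event handler attribute " + attr))
    return findings

if __name__ == "__main__":
    for spec in (EXCERPT, "*[*]"):
        print(spec)
        for element, finding in audit(spec):
            print("   ", element, "->", finding)
```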
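
Added example, not part of the original reply and not hybris code: the default rules listed in the answer, rewritten as Python `re` patterns and applied the way the STRIP comment describes (every match removed, the rest kept), to see which rule removes which fragment of editor content. Applying the rules in the listed order with `re.sub`, and the sample strings, are assumptions of this example.

```python
import re

# Default rules from the answer, with the .properties escaping (\\s, \\( ...)
# undone so they are plain regular expressions.
RULES = [
    ("script_fragments", r"(?i)<script>(.*?)</script>"),
    ("src", r"(?ims)[\s\r\n]+src[\s\r\n]*=[\s\r\n]*'(.*?)'"),
    ("lonely_script_tags", r"(?i)</script>"),
    ("lonely_script_tags2", r"(?ims)<script(.*?)>"),
    ("eval", r"(?ims)eval\((.*?)\)"),
    ("expression", r"(?ims)expression\((.*?)\)"),
    ("javascript", r"(?i)javascript:"),
    ("vbscript", r"(?i)vbscript:"),
    ("onload", r"(?ims)onload(.*?)="),
]

def strip_report(text):
    """Apply each rule in STRIP fashion; return (result, hits).

    hits is a list of (property key, removed fragment) in the order found.
    """
    hits = []
    for name, pattern in RULES:
        rx = re.compile(pattern)
        for m in rx.finditer(text):
            hits.append(("xss.filter.rule." + name, m.group(0)))
        text = rx.sub("", text)
    return text, hits

# Constructed editor content, not taken from the thread.
SAMPLES = [
    "<iframe width='560' height='315' "
    "src='https://www.youtube.com/embed/VIDEO_ID'></iframe>",
    "<p>Call retrieval(order) nightly.</p>",
    "<p><strong>Sale</strong> ends Friday.</p>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result, hits = strip_report(sample)
        print("input :", sample)
        print("output:", result)
        for rule, fragment in hits:
            print("   stripped by", rule, "->", repr(fragment))
```

The second sample shows a false positive: the `eval` rule fires inside the ordinary word "retrieval", which is the kind of hit a per-extension rule override is meant for, rather than switching the whole filter off.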