Aetherdan Posted April 16, 2018 Posted April 16, 2018 I created my own CKEditor plugin that takes highscore stats from an API and displays it in the post. The problem is with styling, the editor shows the content perfectly fine, but once its posted, IPS strips away the id and class attributes for any user rank that doesn't have html enabled. I find it odd that it has no issue leaving all the other attributes, yet strips those particular ones. It also appears to remove the display class from any hard coded styling via the style attribute. Is there a setting somewhere or some code I can modify to allow both id and class? I tried the following to allow the display class, but it didn't resolve the issue:
opentype Posted April 16, 2018 Posted April 16, 2018 You need to put the class name in that whitelisting field, not the CSS values you want to set.
bfarber Posted April 16, 2018 Posted April 16, 2018 Indeed, opentype is right. The problem here is that allowing any CSS or id attributes can lead to big problems (we have seen users maliciously use modal CSS classes in posted content and so on, effectively taking over a page). Thus, if you wish to allow custom CSS classes through you must whitelist those classes first.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.