TinyMCE removing valid tags_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-04-13 05:17 出处：网络

I\'m using tinyMCE for small site, that is used by people to write simple articles. Usualy they write in MS word and copy text to tinyMCE and submit this.

I'm using tinyMCE for small site, that is used by people to write simple articles. Usualy they write in MS word and copy text to tinyMCE and submit this.

That's why I only allowed few tags:

valid_elements: "a[href|target],strong/b,em/i,div[align],br,p[style|align],ul,li,ol,table,tr,td,iframe[*],img[*]",

But despite allowing img[*] after inserting image by 'Insert/edit image' only:

开发者_C百科

<img alt=""/>

appears in code. Same goes for iframe (which is complitly removed) I've already tried every combination of valid_elements with full list of img and iframe attributes and with extended_valid_elements.

When I remove valid_elements clause everything works fine, but then word formatting which is not allowed (h1, h2, etc) is messing up styles.

TinyMCE version is 3.4.2.

I am using the paste_preprocess setting with the tinymce paste plugin and i filter out unwanted tags there. Here is an example:

in your tinymce init:

paste_preprocess : function(pl, o) {
    //if(console) console.log('Object', o);
    //if(console) console.log('Content:', o.content);
        // usage param1 = the string to strip out tags from, param2 = tags to keep in the string
    o.content = ir.im.strip_tags( o.content,'<p><div><br><br/>' );
},

Help function to strip out tags:

strip_tags = function (str, allowed_tags) {
    var key = '', allowed = false;
    var matches = [];    var allowed_array = [];
    var allowed_tag = '';
    var i = 0;
    var k = '';
    var html = ''; 
    var replacer = function (search, replace, str) {
        return str.split(search).join(replace);
    };
     // Build allowes tags associative array
    if (allowed_tags) {
        allowed_array = allowed_tags.match(/([a-zA-Z0-9]+)/gi);
    }
     str += '';

    // Match tags
    matches = str.match(/(<\/?[\S][^>]*>)/gi);
     // Go through all HTML tags
    for (key in matches) {
        if (isNaN(key)) {
            // IE7 Hack
            continue;        }

        // Save HTML tag
        html = matches[key].toString();
         // Is tag not in allowed list? Remove from str!
        allowed = false;

        // Go through all allowed tags
        for (k in allowed_array) {            // Init
            allowed_tag = allowed_array[k];
            i = -1;

            if (i != 0) { i = html.toLowerCase().indexOf('<'+allowed_tag+'>');}           
            if (i != 0) { i = html.toLowerCase().indexOf('<'+allowed_tag+' ');}
            if (i != 0) { i = html.toLowerCase().indexOf('</'+allowed_tag)   ;}

            // Determine
            if (i == 0) {                allowed = true;
                break;
            }
        }
         if (!allowed) {
            str = replacer(html, "", str); // Custom replace. No regexing
        }
    }

     return str;
};