我正在使用TinyMce,即使有脚本攻击的危险,我需要使用编辑器启用所有html标签.
目前,我用的是:
valid_elements: "@[class],p[style],h3,h4,h5,h6,a[href|target],strong/b,"
+ "div[align],br,table,tbody,thead,tr,td,ul,ol,li,img[src]"
但总是需要添加一些内容,我想要启用所有属性的所有HTML标记.是否有这样的开关禁用HTML过滤?
我必须在Tiny MCE中使用HTML 5 数据属性,但编辑器总是清除它们,因为它不是默认的valid_elements配置已知的属性.
所以这里有2个问题:
到目前为止,我已经尝试过:
extended_valid_elements : '@[id|class|title|style|data-options]',
和:
extended_valid_elements : '*[id|class|title|style|data*]',
但它不起作用:(
TinyMCE的valid_elements属性允许您定义有效HTML元素及其属性的白名单.您只能允许段落和链接:
tinyMCE.init({
valid_elements: 'p,a[href]'
});
但是,该style属性有点问题.对于像对齐这样的某些事情需要它,但如果你允许它,那么它可能包含各种不受欢迎的CSS规则.有没有办法限制其内容只允许某些规则,如下所示:
a[href|style=text-align,font-size,color]
我已经阅读了官方文档和博客文章和SO几个小时,某些地方答案将已经发布..但没有运气.
似乎没有任何配置的摆弄.阻止tinymce从我的输入/提交<p>元素上剥离内联'style'属性.我需要所有输入元素的'style'属性..但我刚开始测试<p>甚至让它工作.
这是我配置的最新版本.(出于许多变化/尝试):
tinyMCE.init({
mode : "textareas",
theme : "advanced",
plugins : "emotions,spellchecker,advhr,insertdatetime,preview,paste,table,media,directionality,style,xhtmlxtras,nonbreaking,pagebreak",
theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,ltr,rtl",
theme_advanced_buttons4 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,nonbreaking,pagebreak",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
doctype : "<!DOCTYPE html>",
convert_urls : false,
//template_external_list_url : "gen4tinymce/lists/template_list.js",
external_link_list_url : "gen4tinymce/lists/link_list.js",
//media_external_list_url : "gen4tinymce/lists/media_list.js",
valid_elements : "@[id|class|style|title|dir<ltr?rtl|lang|xml::lang],"
+ "a[rel|rev|charset|hreflang|tabindex|accesskey|type|"
+ "name|href|target|title|class],strong/b,em/i,strike,u,"
+ "#p[style],-ol[type|compact],-ul[type|compact],-li,br,img[longdesc|usemap|"
+ "src|border|alt=|title|hspace|vspace|width|height|align],-sub,-sup,"
+ "-blockquote,-table[border=0|cellspacing|cellpadding|width|frame|rules|"
+ "height|align|summary|bgcolor|background|bordercolor],-tr[rowspan|width|"
+ "height|align|valign|bgcolor|background|bordercolor],tbody,thead,tfoot,"
+ "#td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor"
+ "|scope],#th[colspan|rowspan|width|height|align|valign|scope],caption,-div,"
+ …tinymce ×4
javascript ×2
attributes ×1
css ×1
html ×1
html5 ×1
rte ×1
validation ×1
wysiwyg ×1