#5056 closed Bug (invalid)
Protected Tags
Reported by: | Shaun | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | Core : Output Data | Version: | 3.1 |
Keywords: | Cc: |
Description
Reading from this page, http://docs.cksource.com/ckeditor_api/symbols/CKEDITOR.config.html#.protectedSource
If I understand correctly, you must have
config.protectedSource.push( /<\?[\s\S]*?\?>/g ); // Allows PHP Code
in your config to be able to use PHP code within the editor.
However, if I load the editor, switch to Source mode, type some simple PHP:
<?php echo 'Whatever I want.'; ?>
and submit, CKEditor does not entitize or remove the PHP code and it goes through unscathed.
This means I have to manually check for PHP code upon submission.
Correct me if I'm wrong, but I believe that is a bug.
Change History (3)
comment:1 Changed 15 years ago by
comment:2 Changed 15 years ago by
Priority: | High → Normal |
---|---|
Resolution: | → invalid |
Status: | new → closed |
protectedSource is meant to be used to handle data that otherwise would be destroyed by the editing system or the browser. It is not any kind of clean up or sanitizing system; you must do it yourself at the server.
comment:3 Changed 15 years ago by
Thanks for the explanation.
Perhaps that should be clarified in the API docs.
Forgot to add, although I believe it's implied, that I do NOT have
config.protectedSource.push( /<\?[\s\S]*?\?>/g ); // Allows PHP Code
enabled in my config.
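Added example (not part of the ticket or of CKEditor): one way to do the server-side check that comment:2 calls for, written for a Node.js form handler. The function names and sample inputs are hypothetical and constructed for illustration. The pattern extends the protectedSource regex quoted above so that an opening `<?` with no closing `?>` is also caught, since PHP treats such a block as code up to the end of the file.

```javascript
// Added example: neutralize server-side tags in HTML submitted from the editor.
// Function names are hypothetical; this is not CKEditor code.

// Same shape as the protectedSource pattern on this page, but the closing
// "?>" is optional: an unclosed "<?" is matched through the end of the input.
const SERVER_TAG = /<\?[\s\S]*?(\?>|$)/g;

// Entity-encode the characters that let markup or code be interpreted.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Report every server-side block found, for logging or for rejecting the post.
function findServerTags(html) {
  return Array.from(html.matchAll(SERVER_TAG), (m) => ({
    index: m.index,
    text: m[0],
    closed: m[1] === '?>', // false when the block runs to end of input
  }));
}

// Return the submission with each block entity-encoded so it is stored and
// rendered as text instead of being handed to an interpreter.
function neutralizeServerTags(html) {
  return html.replace(SERVER_TAG, (block) => escapeHtml(block));
}

// Constructed sample submissions.
const closedSample = "<p>Hi</p><?php echo 'Whatever I want.'; ?>";
const unclosedSample = '<p>x</p><?php echo 1;';

console.log(findServerTags(closedSample));
console.log(neutralizeServerTags(closedSample));
console.log(findServerTags(unclosedSample));
console.log(neutralizeServerTags(unclosedSample));
```

The pattern also matches XML processing instructions such as `<?xml ... ?>`, so content that legitimately carries them needs an explicit allowance before this step.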