DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

CK Editor - WSIWYG editor hides span tags with class attribute - Is there a way to change that?

Sort:
You are not authorized to post a reply.
Page 2 of 2 << < 12





Veteran Member





    Hi Ton,

    did you read the blog articles I linked to in my first post of this thread? They should be helpful...

    Happy DNNing!
    Michael

    Michael Tobisch
    DNN★MVP

    dnnWerk Austria
    DNN Connect





    New Around Here





      Hi Michael,

      Thank you for your answer.

      I have read your Topics and also from Timo.
      These solutions are beyound my scope of knowledge.
      I' am just a enduser and changing all kind of settings is difficult.

      I have tried the solution of Timo.
      This seems to me the simpelest solution however, it did not worked.

      I use a theme made by Easydnnsolutions.
      There are examples how to add buttons, a gallery or other fancy stuff.
      When I tried to add them then I got the editor problem of not saving the text in original form.

      Then I went to w3schools website and they have all kind of nice features to add in your text.
      However, I got the same problem.

      How is this possible? I asked myself.
      I had the same features of easydnnsolution earlier in my website added and they working still fine.
      Copy and paste these text into another html module give the same problem.
      Then I uploaded a theme of another company and this was also not working.
      I discovered it is the html editor who destroys the text in the wysiwyg mode.
      Saving the text in source mode is the only option to get it working now.

      The difference is this DNN 9.10.0 with the former version.
      Somewere on the line this went wrong with the upgrade of DNN.
      All themes with all these nice features are not usefull anymore, except if you save their code in source mode.

      Is or will be this bug resolved with the next version of DNN?

      Regards, Ton




       






      Veteran Member





        Ton,

        in my opinion, this is not a bug of DNN, but how CK Editor works. The easiest way to solve this (even if it is totally insecure and definitely not recommended) is to add something like "*(*)" in the extra allowed content option - this would allow everything, and again: it could be dangerous, as "everything" also includes malicious scripts.

        Happy DNNing!
        Michael

        Michael Tobisch
        DNN★MVP

        dnnWerk Austria
        DNN Connect





        New Around Here





          Hi all,

          I have resolved the problem with stripping by changing the settings in the CKeditor>editor configuration->AllowedContent

          This is default set to false
          Change this to true

          For security reasons I have set this only to the "module".
          When you sure you are done then you can set it back to false.

          I know from other people that for security reasons you have to be carefull with this.
          However, if you are able to put everything in source mode, then why not in view mode?
          It is the same as you have 20 locks on the frontdoor of your house and the backdoor is wide open.

          Best wishes and regards, Ton






          Senior Member





            Posted By Ton Hermes on 12/21/2022 6:53 AM

            However, if you are able to put everything in source mode, then why not in view mode?
            It is the same as you have 20 locks on the frontdoor of your house and the backdoor is wide open.

            Actually, that's a valid question, which is why there was a single release around DNN 5.x or 6.x where the ability to enter potentially harmful code in the HTML module was completely detected and blocked. It worked so well, that the ecosystem had a revolt, but the DNN Pro customers at the time also revolted. So, the ability was restored in the very next release.  

            The core reason for removing it was that it was just a way to get around the security of the module that was trying to protect you.  The compromise was that if you use Textbox mode, then it's assumed you're a highly knowledgeable person that realizes and takes responsibility for the security risks.  

            I only know this because I began to get a ton of support requests for my once-popular Content Injection module.  I did happen to work there at the time, though. So, I understand the intent.  

             






            New Around Here





              Thanks Will for your answer.

              There are 3 levels of users in DNN
              Host
              Admin
              User

              In the editor settings you can assign the possibilities to each level of user.
              Why do the programmers not make 3 levels of view and source mode?
              Then you have resolved this problem I think?

              Regards, Ton






              Veteran Member





                I would never ever allow users to edit the source code (you can remove this button for users). Many of them are really creative in crashing the design of a web page.

                Happy DNNing!
                Michael

                Michael Tobisch
                DNN★MVP

                dnnWerk Austria
                DNN Connect





                Senior Member





                  Like you've seen with Michael's instant reaction, allowing for the source code to be edited directly in the user interface in DNN is not only something that receives instant "no" reactions from people with security backgrounds - but it also instantly removes DNN from the running in any environment with security standards that prevent this (which is to say, most of them).  

                  Anyhow, I do agree that it would be nice if there were an easier way to do this. 

                  So far, that has been to forgo the HTML module and use structured content in most cases.  It really is the better solution compared to any alternatives I've seen so far.  This forum thread is a perfect example of that.  

                  If you come up with a better or more creative idea, I'm sure that the "right" idea could spark a very useful and exciting change to help us all.  Though, I again don't know what that would be right now. 

                  You are not authorized to post a reply.
                  Page 2 of 2 << < 12

                  These Forums are dedicated to the discussion of DNN Platform.

                  For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                  1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                  2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                  3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                  4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                  5. No Flaming or Trolling.
                  6. No Profanity, Racism, or Prejudice.
                  7. Site Moderators have the final word on approving / removing a thread or post or comment.
                  8. English language posting only, please.

                  Would you like to help us?

                  Awesome! Simply post in the forums using the link below and we'll get you started.

                  Get Involved