Michael Tobisch DNN★MVP
Hi Michael,
Thank you for your answer.
I have read your Topics and also from Timo. These solutions are beyond my scope of knowledge. I am just an end user and changing all kind of settings is difficult.
I have tried the solution of Timo. This seems to me the simplest solution; however, it did not work.
I use a theme made by Easydnnsolutions. There are examples how to add buttons, a gallery or other fancy stuff. When I tried to add them then I got the editor problem of not saving the text in original form.
Then I went to w3schools website and they have all kind of nice features to add in your text. However, I got the same problem.
How is this possible? I asked myself. I had the same features of easydnnsolution added earlier in my website and they are still working fine. Copying and pasting this text into another html module gives the same problem. Then I uploaded a theme of another company and this was also not working. I discovered it is the html editor that destroys the text in the wysiwyg mode. Saving the text in source mode is the only option to get it working now.
The difference is this DNN 9.10.0 with the former version. Somewhere on the line this went wrong with the upgrade of DNN. All themes with all these nice features are not useful anymore, except if you save their code in source mode.
Is this bug resolved, or will it be, with the next version of DNN?
Regards, Ton
Ton, in my opinion, this is not a bug of DNN, but how CK Editor works. The easiest way to solve this (even if it is totally insecure and definitely not recommended) is to add something like "*(*)" in the extra allowed content option - this would allow everything, and again: it could be dangerous, as "everything" also includes malicious scripts. Happy DNNing! Michael
Hi all,
I have resolved the problem with stripping by changing the settings in the CKeditor>editor configuration->AllowedContent
This is set to false by default. Change this to true.
For security reasons I have set this only to the "module". When you are sure you are done then you can set it back to false.
I know from other people that for security reasons you have to be careful with this. However, if you are able to put everything in source mode, then why not in view mode? It is the same as you have 20 locks on the frontdoor of your house and the backdoor is wide open.
Best wishes and regards, Ton
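Added example, not part of any post in this thread and not DNN or CKEditor code: a small JavaScript audit of the two settings discussed above, the extra-allowed-content rule string and AllowedContent set to true. It assumes CKEditor 4's string rule format, `elements [attributes]{styles}(classes)` with rules separated by `;`, and only reports what the rule text says; `parseRule`, `auditAllowedContent`, `RISKY_ELEMENTS` and the sample class names are constructed for illustration.

```javascript
// Constructed review list of elements worth a second look when named in a rule.
const RISKY_ELEMENTS = new Set(['script', 'iframe', 'object', 'embed']);

// Split one rule into its element names and its [attributes], {styles}, (classes) groups.
function parseRule(rule) {
  const group = (open, close) => {
    const m = rule.match(new RegExp('\\' + open + '([^\\' + close + ']*)\\' + close));
    if (!m) return [];
    // A leading "!" marks a required property; drop it to get the bare name.
    return m[1].split(',').map(s => s.trim().replace(/^!/, '')).filter(Boolean);
  };
  // Whatever is left after removing the three groups is the element list.
  const elements = rule
    .replace(/\[[^\]]*\]|\{[^}]*\}|\([^)]*\)/g, ' ')
    .trim().split(/\s+/).filter(Boolean);
  return {
    elements,
    attributes: group('[', ']'),
    styles: group('{', '}'),
    classes: group('(', ')'),
  };
}

// Report, rule by rule, where the setting uses wildcards or names a risky element.
function auditAllowedContent(setting) {
  if (setting === true) {
    return [{ rule: 'true', findings: ['content filter disabled'] }];
  }
  return setting.split(';').map(r => r.trim()).filter(Boolean).map(rule => {
    const p = parseRule(rule);
    const findings = [];
    if (p.elements.includes('*')) findings.push('applies to every element');
    if (p.attributes.includes('*')) findings.push('any attribute name');
    if (p.styles.includes('*')) findings.push('any inline style');
    if (p.classes.includes('*')) findings.push('any class');
    for (const e of p.elements) {
      if (RISKY_ELEMENTS.has(e.toLowerCase())) findings.push('names <' + e + '>');
    }
    return { rule, findings };
  });
}

// Constructed inputs: the wildcard rule from the thread and a narrower rule
// listing only the elements and classes a theme's snippets need.
console.log(auditAllowedContent('*(*)'));
console.log(auditAllowedContent('div(btn,gallery); a[!href](btn)'));
console.log(auditAllowedContent(true));
```

A rule with no findings names specific elements and properties only, which is the shape to aim for when a theme needs a few extra classes to survive WYSIWYG mode.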
Posted By Ton Hermes on 12/21/2022 6:53 AM However, if you are able to put everything in source mode, then why not in view mode? It is the same as you have 20 locks on the frontdoor of your house and the backdoor is wide open.
Actually, that's a valid question, which is why there was a single release around DNN 5.x or 6.x where the ability to enter potentially harmful code in the HTML module was completely detected and blocked. It worked so well, that the ecosystem had a revolt, but the DNN Pro customers at the time also revolted. So, the ability was restored in the very next release.
The core reason for removing it was that it was just a way to get around the security of the module that was trying to protect you. The compromise was that if you use Textbox mode, then it's assumed you're a highly knowledgeable person that realizes and takes responsibility for the security risks.
I only know this because I began to get a ton of support requests for my once-popular Content Injection module. I did happen to work there at the time, though. So, I understand the intent.
Thanks Will for your answer.
There are 3 levels of users in DNN: Host, Admin, User.
In the editor settings you can assign the possibilities to each level of user. Why do the programmers not make 3 levels of view and source mode? Then you have resolved this problem I think?
Like you've seen with Michael's instant reaction, allowing for the source code to be edited directly in the user interface in DNN is not only something that receives instant "no" reactions from people with security backgrounds - but it also instantly removes DNN from the running in any environment with security standards that prevent this (which is to say, most of them).
Anyhow, I do agree that it would be nice if there were an easier way to do this.
So far, that has been to forgo the HTML module and use structured content in most cases. It really is the better solution compared to any alternatives I've seen so far. This forum thread is a perfect example of that.
If you come up with a better or more creative idea, I'm sure that the "right" idea could spark a very useful and exciting change to help us all. Though, I again don't know what that would be right now.