diff --git a/src/Orchard.Web/Modules/TinyMce/Handlers/TinyMceSettingsPartHandler.cs b/src/Orchard.Web/Modules/TinyMce/Handlers/TinyMceSettingsPartHandler.cs
new file mode 100644
index 000000000..fe8003524
--- /dev/null
+++ b/src/Orchard.Web/Modules/TinyMce/Handlers/TinyMceSettingsPartHandler.cs
@@ -0,0 +1,27 @@
+using Orchard.ContentManagement;
+using Orchard.ContentManagement.Handlers;
+using Orchard.Localization;
+using TinyMce.Models;
+
+namespace TinyMce.Handlers
+{
+ public class TinyMceSettingsPartHandler : ContentHandler
+ {
+ public TinyMceSettingsPartHandler()
+ {
+ T = NullLocalizer.Instance;
+ Filters.Add(new ActivatingFilter("Site"));
+ Filters.Add(new TemplateFilterForPart("TinyMceSettings", "Parts.TinyMce.TinyMceSettings", "TinyMCE"));
+ }
+
+ public Localizer T { get; set; }
+
+ protected override void GetItemMetadata(GetContentItemMetadataContext context)
+ {
+ if (context.ContentItem.ContentType != "Site")
+ return;
+ base.GetItemMetadata(context);
+ context.Metadata.EditorGroupInfo.Add(new GroupInfo(T("TinyMCE")));
+ }
+ }
+}
diff --git a/src/Orchard.Web/Modules/TinyMce/Models/TinyMceSettingsPart.cs b/src/Orchard.Web/Modules/TinyMce/Models/TinyMceSettingsPart.cs
new file mode 100644
index 000000000..8af267090
--- /dev/null
+++ b/src/Orchard.Web/Modules/TinyMce/Models/TinyMceSettingsPart.cs
@@ -0,0 +1,13 @@
+using Orchard.ContentManagement;
+
+namespace TinyMce.Models
+{
+ public class TinyMceSettingsPart : ContentPart
+ {
+ public string ValidElements
+ {
+ get { return this.Retrieve(x => x.ValidElements); }
+ set { this.Store(x => x.ValidElements, value); }
+ }
+ }
+}
diff --git a/src/Orchard.Web/Modules/TinyMce/Scripts/orchard-tinymce.js b/src/Orchard.Web/Modules/TinyMce/Scripts/orchard-tinymce.js
index 6665569e0..d7c5dda9d 100644
--- a/src/Orchard.Web/Modules/TinyMce/Scripts/orchard-tinymce.js
+++ b/src/Orchard.Web/Modules/TinyMce/Scripts/orchard-tinymce.js
@@ -24,9 +24,7 @@ tinyMCE.init({ ], toolbar: "undo redo cut copy paste | bold italic | bullist numlist outdent indent formatselect | alignleft aligncenter alignright alignjustify ltr rtl | " + mediaPlugins + " link " + contentPickerButtons + " unlink charmap | code htmlsnippetsbutton fullscreen", convert_urls: false, - valid_elements: "*[*]", - // Shouldn't be needed due to the valid_elements setting, but TinyMCE would strip script.src without it. - extended_valid_elements: "script[type|defer|src|language]", + valid_elements: validElements, //menubar: false, //statusbar: false, skin: "orchardlightgray", diff --git a/src/Orchard.Web/Modules/TinyMce/TinyMce.csproj b/src/Orchard.Web/Modules/TinyMce/TinyMce.csproj index dfaa1e199..3d04ab565 100644 --- a/src/Orchard.Web/Modules/TinyMce/TinyMce.csproj +++ b/src/Orchard.Web/Modules/TinyMce/TinyMce.csproj @@ -313,6 +313,8 @@ + + @@ -381,6 +383,7 @@ + diff --git a/src/Orchard.Web/Modules/TinyMce/Views/Body-Html.Editor.cshtml b/src/Orchard.Web/Modules/TinyMce/Views/Body-Html.Editor.cshtml index 3010cb895..43e9f1d9a 100644 --- a/src/Orchard.Web/Modules/TinyMce/Views/Body-Html.Editor.cshtml +++ b/src/Orchard.Web/Modules/TinyMce/Views/Body-Html.Editor.cshtml @@ -3,11 +3,13 @@ @using Orchard.Environment.Descriptor.Models @using Orchard.Localization @using Orchard.Mvc.Extensions +@using TinyMce.Models @using TinyMce.Settings @{ var propertyName = Model.PropertyName != null ? (string)Model.PropertyName : "Text"; var shellDescriptor = WorkContext.Resolve(); var urlPrefix = WorkContext.Resolve().RequestUrlPrefix; + var validElements = WorkContext.CurrentSite.As().ValidElements; if (!string.IsNullOrWhiteSpace(urlPrefix)) { urlPrefix += "/"; } 
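Review bot: `valid_elements: validElements,` reads a global that orchard-tinymce.js never declares, so the script now depends on the hosting view having emitted `var validElements` before it runs; any page that loads this file without that inline variable would fail with a ReferenceError inside `tinyMCE.init`. A guarded read such as `valid_elements: (typeof validElements === "string" && validElements) ? validElements : undefined,` would fall back to the editor's built-in schema instead (worth confirming against the bundled TinyMCE version that an unset value means "default"). A short comment here should also state that `valid_elements` only filters what the editor keeps in the browser and is not a replacement for server-side handling of the submitted body HTML. The `tinyMCE.init` call starts and ends outside this hunk.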
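Review bot: The site setting read here into `validElements` is written into a JavaScript string literal in the second hunk of this file (`var validElements = "@validElements";`), and Razor's `@` applies HTML encoding there, not JavaScript string encoding. Inside a script block HTML entities are not decoded, and a backslash or line break in the stored value passes through unescaped, so such a value either reaches TinyMCE altered or leaves the inline script malformed. Emitting the value through a JavaScript encoder, for example `var validElements = "@Html.Raw(System.Web.HttpUtility.JavaScriptStringEncode(validElements))";`, keeps the literal well formed for any stored string. The neighbouring `directionality` and `language` context lines use the same `"@..."` pattern and may deserve the same treatment. The surrounding code block and script block both extend outside the hunks.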
@@ -33,6 +35,7 @@
 var mediaLibraryEnabled = @(shellDescriptor.Features.Any(x => x.Name == "Orchard.MediaLibrary") ? "true" : "false");
 var contenPickerEnabled= @(shellDescriptor.Features.Any(x => x.Name == "Orchard.ContentPicker") ? "true" : "false");
 var tokensHtmlFilterEnabled= @(shellDescriptor.Features.Any(x => x.Name == "Orchard.Tokens.HtmlFilter") ? "true" : "false");
+ var validElements = "@validElements";
 var directionality = "@WorkContext.GetTextDirection((IContent)Model.ContentItem)";
 var language = "@Model.Language";
 var autofocus = "@(Model.AutoFocus == true ? ViewData.TemplateInfo.GetFullHtmlFieldId(propertyName) : null)";
diff --git a/src/Orchard.Web/Modules/TinyMce/Views/EditorTemplates/Parts.TinyMce.TinyMceSettings.cshtml b/src/Orchard.Web/Modules/TinyMce/Views/EditorTemplates/Parts.TinyMce.TinyMceSettings.cshtml
new file mode 100644
index 000000000..2cbca2766
--- /dev/null
+++ b/src/Orchard.Web/Modules/TinyMce/Views/EditorTemplates/Parts.TinyMce.TinyMceSettings.cshtml
@@ -0,0 +1,12 @@
+@model TinyMce.Models.TinyMceSettingsPart
+
+
+ @T("TinyMCE") +
+ + @Html.TextBoxFor(m => m.ValidElements, new { @class = "text large" }) + @T("Refer to the TinyMCE documentation on configuring allowed elements.") + @T("
By default, TinyMCE sanitizes input and removes all script tags for security. To restore the same behavior as prior to Orchard 1.11 instead, set this value to \"*[*],script[type|defer|src|language]\".")
+ @T("NOTE: This will allow every element with every attribute, and explicitly adds support for script tags, including the type, defer, src, and language attributes. Be aware that this completely disables HTML sanitization and should only be used in trusted environments.") +
+
\ No newline at end of file
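Review bot: The hint strings present `valid_elements` as HTML sanitization ("completely disables HTML sanitization"), but the setting only configures the filter TinyMCE applies in the browser; nothing visible in this commit sanitizes the stored body on the server, and content submitted without going through the editor is not affected by it. I would add a hint that says so, for example `@T("This setting only controls what the TinyMCE editor keeps while editing; it does not sanitize content on the server.")`, so administrators do not treat the default as a security boundary. `@Html.TextBoxFor(m => m.ValidElements, ...)` also accepts any string with no validation or length limit visible here, which matters because the editor view later writes the value into an inline script. The markup around these lines appears to have been stripped from this page, so the comment is limited to the visible `@T(...)` and `@Html` expressions.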