Has anyone successfully allowed script tags in the HTMLEditorField? This is what we've done with our attempt, all tags but the script one work
- ->addButtonsToLine(1, 'styleselect')
- ->setOption('importcss_append', true)
- 'iframe[src|name|width|height|title|align|allowfullscreen|frameborder|marginwidth|marginheight|scrolling],' .
- 'table[stroke|color],' .
- 'script[src|async|defer|type|charset],' .
Browsers get pretty smart these days about disallowing XSS. I'm guessing either your browser or SS is doing something to prevent that.
I dug into this and it is definitely happening client side. The configuration ends up with TinyMCE (
tinymce.activeEdtior.extended_valid_elements is correct), but the POST request to update the page already has the tag stripped. Where is this client-side magic coming from?!
Have you maybe deleted a previous element?
What are you doing when you get that error? It looks unrelated to the restful portion and more like an problem with the blog module maybe?
What are the errors you are getting?
Oo looks like another module is setting spam protection and overriding mine. No to figure out which one and why. Update, silverstripe/recipe-blog pulls in silverstripe/akismet which also sets default_spam_protection.
Can anyone think of a reason why setting my default spam protection in my yml wouldn't be getting applied? trying to use nocaptcha on ss4.4
@Jason Hale is that when submitting a user form? If so I came across this the other day too and I made a PR for the fix that worked for me. https://github.com/silverstripe/silverstripe-userforms/pull/913
We're needing to do a migration of the ss3 version of elemental to ss4 is there a task to help with this currently? If not does anyone have any tips for this?