craftcms/ckeditor

CKEditor + New Entry Type + Custom HTML Purifier. Entry Type is stripped by HTML Purifier

Closed this issue · 1 comments

rogerdawkins commented

Description

I've created a CKEditor field and added an Entry Type plus the New Entry item on the toolbar. I've done this before with other CKEditor fields and it's all worked fine. However, in this case the Entry Type card is shown in the editor but as soon as I either save the data or switch to Preview the card is deleted. Therefore I'm assuming that is because HTML Purifier is removing it.

On the other CKEditor fields that do work they are using the Default config option. On the field that fails I'm using a custom HTML Purifier config, shown below.

{
    "Attr.AllowedFrameTargets": ["_blank"],
    "Attr.AllowedRel": ["noopener", "noreferrer"],
    "Attr.EnableID": true,
    "HTML.Allowed": "a[href|title|style|rel|target], abbr[title], acronym[title], b, blockquote[cite], br, caption, cite, code, dd, del, dfn, div[class|style], dl, dt, em, h1, h2[class], h3[class], h4[class], h5, h6, i, img[src|alt|title|class|style|width|height], ins, kbd, li, oembed[url], ol, p[style], pre, s, strike, strong, sub, sup, table, tbody, td[style|colspan|rowspan], tfoot, th, thead, tr, tt, u, ul, var, iframe[src|height|width|style], span[class|style], figure[class|style]",
    "HTML.SafeIframe": true,
    "URI.SafeIframeRegexp": "%^https?://(forms.office.com/|www.youtube.com/|www.yumpu.com/|docs.google.com/|www.google.com/|player.vimeo.com/|vimeo.com|youtu.be/|youtube.com/)%",
    "URI.AllowedSchemes": ["http", "https", "mailto", "ftp", "nntp", "news", "tel", "data"]
}

So, I have two questions:

  1. Can you tell me what I need to add to my config above to allow my new Entry Type to work? The content of the Entry Type is irrelevant as it works fine with the Default config.
  2. Is it possible for P&T to supply a sample config file that exactly matches what the 'Default' config does? Since starting to use a custom config I've been constantly editing the config file to get standard functions to work.

Steps to reproduce

  1. Create a custom HTML Purifier config containing my above config
  2. Create a CKEditor field using the above HTML Purifier config
  3. Add the New Entry type dropdown to the CKEditor toolbar
  4. Add one or more Entry Types to the CKEditor field
  5. Add an Entry Type in a field using the CKEditor field
  6. Save or Preview and the Entry Type card is deleted

Additional info

  • Craft version: 5.3.6
  • PHP version: 8.2.22
  • Database driver & version: MySQL 8.0.36
  • Plugins & versions: CKEditor, CPCSS, Feed Me, PDF Transform, SEOMate, Sprig, Vite (all latest)
i-just commented

Hi, thanks for reaching out!

You can find the default HTML Purifier that ships with our started project here: https://github.com/craftcms/craft/blob/5.x/config/htmlpurifier/Default.json.

If you want to modify your config to allow for nested entries inside a CKEditor field, you’ll have to adjust the “HTML.Allowed” value to add craft-entry[data-entry-id].

I hope this helps!

I’ll close this now, but feel free to reach out if you have any further questions.

  • 👍1