CKEDITOR config.js file is never loaded.
Closed this issue · 3 comments
I simply put a logger to tell me when it is loaded. It never does load, even if I edit HTML.
I came across this when I was looking at adding in some allowed content rules: http://docs.ckeditor.com/#!/guide/dev_allowed_content_rules. I want to be able to edit HTML without having CKEDITOR strip my HTML classes. What security issues would widgy face if we opened up the rules? Or is this just a job for Unsafe HTML?
The stripping happens in Python. We use bleach to sanitize the HTML. You
can see the code for that in page_builder/forms.py or something around
there. I think you can create your own Field or Widget and pass in your own
arguments to bleach.
I think the reason we don't allow classes specifically (@gavinwahl correct
me if I'm wrong) is that the idea is that we don't want users to break
their design. Ideally users would never touch the source button.
You can edit the config if you want to add to the styles drop-down that
ckeditor has. I can send you an example of how to that if you are
interested.
-Rocky Meza
2014年8月27日 下午5:21于 "zmetcalf" notifications@github.com写道:
I simply put a logger to tell me when it is loaded. It never does load,
even if I edit HTML.I came across this when I was looking at adding in some allowed content
rules: http://docs.ckeditor.com/#!/guide/dev_allowed_content_rules. I
want to be able to edit HTML without having CKEDITOR strip my HTML classes.
What security issues would widgy face if we opened up the rules? Or is this
just a job for Unsafe HTML?—
Reply to this email directly or view it on GitHub
#253.
I would say that it does not get stripped in Python because I can open up the source tab in CKEDITOR, add my class, hit save, and it will keep the styles when I view the page. When I open it back up in CKEDITOR, it strips the classes.
Either way, the config is not getting loaded.
nm, i didn't dump my cache