2 Replies Latest reply on Aug 14, 2012 8:15 AM by benid0r

Block unwanted tags from drag&drop

benid0r Jul 27, 2012 3:44 AM

we successfully block any unwanted tags pasted from the clipboard, what passes the rte edit plugin and paste-wordhtml is what we want. Fine.

But authors are still able to inject everything they want by using drag&drop from external programs. I.e. they edit a simple HTML file, add some <pre> code, display it in a webbrowser, mark and drag it to the editor.

We tried whatever we could find in the rte configuration, but it looks like the paste settings completely forgot about drag&drop.

So the question is: how do you avoid unwanted tags from drag&drop? Or better, how to you whitelist what you want to allow?

1. Re: Block unwanted tags from drag&drop

Sham HC Jul 29, 2012 6:39 PM (in response to benid0r)

D&D from other browser window is not supported. See if something can be implemented at project level on similar lines as [1].

http://blog.navigationarts.com/modifying-an-extjs-authoring-interface-in-cq5/
Like Show 0 Likes(0)

Actions
2. Re: Block unwanted tags from drag&drop

benid0r Aug 14, 2012 8:15 AM (in response to Sham HC)

Back from vacation, sorry for the delay.

No, you got me wrong, we don't need D&D supported. Instead D&D is supported too much for our needs, as you can drop <pre> or <table> tags into RTE, even if these tags are filtered when pasting from the clipboard. You even can resize a dropped table with the mouse, so D&D seems to be supported very well.

Some sanitizing seems to be done anyway, because <marquee> tags are removed, it looks like there is some sort of blacklist. How is this controlled?
Like Show 0 Likes(0)

Actions

Go to original post

Legend

Correct Answers - 10 points