I'm trying to add the following piece of javascript into some RTE content (into the source code). I've set iframe, script and figure tags to be allowed in the tinyMCE.config file and the code is being added. However the < and > tags within the iframe are being encoded to < and >.
The RTE is meant for writing words and making them beatiful with markup. It's definitely not meant for your editors to alter the HTML of the page. :-)
So if the people that need to write wonderful content in your site really must insert an iframe for some reason you should make sure you build a macro for them which they can insert in the middle of their prose. That should do the trick and it's a whole lot friendlier than making them open up the HTML source and trying to fiddle with it.
You know the RTE is for words and I know the RTE is for words but clients think the RTE is for anything they want on the page, be that text, images, video, javscript tracking code or 3rd party quizzes embedded via iframes :/
I thought I'd have to add a macro or something but was hoping I could get away with not having to as these stupid requests always come up at the busiest possible times :(
I haven't tried but you could probably have a macro with 1 parameter that's a textarea and they can paste all the HTML they want in it (although: hello, security vulnerability alert). That should make them happier for a while. :-)
Just to add on to what Seb says, you definitely want to use a Macro for this. It's super fast to do. Just create a macro with one parameter called html and then in your macro partial add:
@inherits Umbraco.Web.Macros.PartialViewMacroPage
@if (Model.MacroParameters["html"] != null)
{
var htmlCode = Model.MacroParameters["html"].ToString();
if (!String.IsNullOrEmpty(htmlCode))
{
<!-- Embeded Code -->
@Html.Raw(htmlCode)
<!-- End Code -->
}
}
As Seb says, this does give clients the ability to add arbitrary HTML code, which could include vulnerabilities, so be aware.
RTE encoding < and > within iframe tag
I'm trying to add the following piece of javascript into some RTE content (into the source code). I've set iframe, script and figure tags to be allowed in the tinyMCE.config file and the code is being added. However the < and > tags within the iframe are being encoded to
<
and>
.The script I'm including is the following
However once the RTE has finished with it it is this
Does anyone know how to stop the RTE encoding the code like this?
The RTE is meant for writing words and making them beatiful with markup. It's definitely not meant for your editors to alter the HTML of the page. :-)
So if the people that need to write wonderful content in your site really must insert an iframe for some reason you should make sure you build a macro for them which they can insert in the middle of their prose. That should do the trick and it's a whole lot friendlier than making them open up the HTML source and trying to fiddle with it.
You know the RTE is for words and I know the RTE is for words but clients think the RTE is for anything they want on the page, be that text, images, video, javscript tracking code or 3rd party quizzes embedded via iframes :/
I thought I'd have to add a macro or something but was hoping I could get away with not having to as these stupid requests always come up at the busiest possible times :(
I haven't tried but you could probably have a macro with 1 parameter that's a textarea and they can paste all the HTML they want in it (although: hello, security vulnerability alert). That should make them happier for a while. :-)
Just to add on to what Seb says, you definitely want to use a Macro for this. It's super fast to do. Just create a macro with one parameter called
html
and then in your macro partial add:As Seb says, this does give clients the ability to add arbitrary HTML code, which could include vulnerabilities, so be aware.
Thanks both.
I added a macro in. We'll just need to warn the client to be careful about what they put into the textbox.
Just for the records:
it should work without macro by calling the RTE string in the view with
Cheers, Peter
is working on a reply...