Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

What attributes should we allow in the WYSIWYG editor?


Go to End


3 Posts   3041 Views

Avatar
Sam

Administrator, 690 Posts

11 June 2007 at 2:12pm

We sometimes get clients who want to set up basic javascript functionality in CMS-managed content.

For example, people may want to put an onclick handler on an A tag. Currently the WYSIWYG editor strips them out.

What are the risks of failing to strip out onclick events from content entered into the CMS?

Avatar
mandrew

Community Member, 37 Posts

11 June 2007 at 6:02pm

I think it would be good if there was a flag which could be set by the admin which allows control of this. By default this "enforce clear code" option should be on.

Avatar
sagencreative

Community Member, 5 Posts

27 May 2008 at 10:57am

Is there any progress towards this end? Skype buttons are really cool on contact pages, and it would be nice not to have to do any hacking to allow onclick in the tag.

Silverstripe is wonderful! Thanks for all your hard work.