[Solved] home text editor

[Jimbola]

Hi all

I'm using the Home Text Editorial Module to display and image (thats fine) but when I add a rollover image (on mouseover) and click update i get the following message

The following field is invalid according to the validate method isCleanHTML:
(EditorialClass->body_paragraph = for language 1)

Does anyone know what that means and how to resolve it?

[shokinro]

but when I add a rollover image (on mouseover) and click update i get the following message

I am not sure how is your "rollover image" implements, it must bed using Javascript.
I don't think the editor will allow use javascript in the html.

[shokinro]

I just tried your scenario. it did gave the validation error.
it seems the html below the error message itself is working fine.
So I just try to remove the validation to let it pass. but after that, it does not save anything.

to remove the validation, remove this line from file /modules/editorial/EdtorialClass.php

        'body_paragraph' => 'isCleanHtml',

there might be a bug here. I am not sure.
I am still trying to find a solution for you.

[shokinro]

I think there is problem with the validation that does not pass the validation.
so I just tried to bypass the validation by change Validation.php file.

It did worked. see http://expresscheckout.dyndns.org:8080/shop1425/

/YourSiteRoot/classes/Validation.php

Change this code

    static public function isCleanHtml($html)
   {
       $jsEvent = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave';
       return (!preg_match('/<[ \t\n]*script/i', $html) && !preg_match('/<?.*('.$jsEvent.')[ \t\n]*=/i', $html)  && !preg_match('/.*script\:/i', $html));
   }

To this code (comment out two lines, and add one line "return true;")

    static public function isCleanHtml($html)
   {
//        $jsEvent = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave';
//        return (!preg_match('/<[ \t\n]*script/i', $html) && !preg_match('/<?.*('.$jsEvent.')[ \t\n]*=/i', $html)  && !preg_match('/.*script\:/i', $html));
       return true;
   }

But this is not a good idea, to remove the validation all the same.
You can make the change temporary and save your changes, then restore that file.

it is walk around, not a fix.

[Jimbola]

Thank you really helped me out.

[jmaumene]

It's realy an BAD IDEA !

the method iscleanHtml check the XSS... D'ont change the Validation class

 

if you want use javascript in home text editor, change the file modules/editorial/EditorialClass.php

 

Change this :

'body_paragraph' => 'isCleanHtml',

 

by this :

'body_paragraph' => 'isString',

[Peti_]

It's realy an BAD IDEA !

the method iscleanHtml check the XSS... D'ont change the Validation class

 

if you want use javascript in home text editor, change the file modules/editorial/EditorialClass.php

 

Change this :

'body_paragraph' => 'isCleanHtml',

 

by this :

'body_paragraph' => 'isString',

 

Thanks.