2

I've noticed a problem when inserting an uploaded image into a textarea via the WYSIWYG editor (e.g. a page chunk in the Pages module). The alignment on the inserted image is not retained after updating the record.

After a bit of testing I noticed that the alignment on the image is done by adding an inline style to the img tag e.g. style='float:right', however if an 'align=right' attribute is manually added instead, this is retained after saving to the database.

My assumption is therefore that Pyro is stripping inline styles from WYSIWYG content. Is there a way to prevent this?

Phil
  • 371
  • 1
  • 4
  • 13
  • Often the WYSIWYG editors do check the content itself; so if you manually add something - it could replace it, because it doesn't know that element at that place. So you must manualy edit in code view every update, or simply use only the WYSIWYG features to edit your content. – ArendE Mar 30 '12 at 11:27

1 Answers1

3

This is because XSS filtering is turned on for the module in question.

In the Pyro database there's a table named default_modules (or something else if you have a different site identifier).

In that table there's a column named skip_xss. You can set this to 1 to allow inline styles (and some other, potentially dangerous content) in form input for a given module.

If you're making a custom module, you can add skip_xss => 1 to $info in your details.php file to start with XSS filtering turned off.

Msonic
  • 1,456
  • 15
  • 25
Jacob Sewell
  • 31
  • 1