Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I'm writing a non-cached filter (filter is applied every time the text is loaded, rather than saved) using hook_filter_info() and related functions. Right now the filter works great with the standard Drupal editor and Wysiwyg module. But for some reason, CKEditor is applying my filter when the text is loaded, which makes my filter useless. Is CKEditor processing filters when it loads the editor? How can I disabled this behavior for my module? Can this be fixed?
The details of my filter can be found here.
Comment | File | Size | Author |
---|---|---|---|
#5 | ckeditor-security_alter_hook-1327898-5.patch | 1.24 KB | grasmash |
Comments
Comment #1
dwieeb CreditAttribution: dwieeb commentedThe same behavior is occurring with the Token Filter module.
Comment #2
dwieeb CreditAttribution: dwieeb commentedIt appears to be fixed in 1.8.
Comment #3
mkesicki CreditAttribution: mkesicki commentedComment #4
grasmash CreditAttribution: grasmash commentedThis behavior is still occurring on the latest dev.
Comment #5
grasmash CreditAttribution: grasmash commentedThis problems stems from ckeditor_filter_xss(), which is called when CKEditor is loaded. It gets a list of $format_filters and $security_filters for the input_format, and applies them when the editor is loaded.
This is different from the way that Drupal core is designed to handle input formats. Core's approach is to allow users to input content relatively unmolested (save SQL injection sanitization) and then filter the value upon display. If a user were to re-edit the content, they'd see the original input in the textarea. CKEditor does not follow this approach, and thereby creates a very confusing editor experience.
Take this scenario as an example:
These filters should not be applied when CKEditor loads. A few suggestions for ways to make this configurable:
Comment #6
jcisio CreditAttribution: jcisio commentedComment #8
jcisio CreditAttribution: jcisio commentedCommitted and pushed. Thanks!