This patch modifies the ckeditor xss url to be passed through the url() function. This is so that sites that want to control access to php files (such as index.php) can do so without having to hack this module.

ckedtior-xss-path.patch1.77 KBacbramley


mkesicki’s picture

Status:Active» Needs review

thank you for patch.

Josh Waihi’s picture

Status:Needs review» Reviewed & tested by the community

This is good, and makes ckeditor follow the convention set by Drupal. +1

jtwalters’s picture

I used the patch as well, and it resolved an edge-case issue I was having. +1

dczepierga’s picture

Title:Change ckeditor xss url to be passed through url()» [D7] Change ckeditor xss url to be passed through url()
Status:Reviewed & tested by the community» Fixed

Changes commited to GIT (diff).

Really thx for patch and help.


halcyonCorsair’s picture


It seems you forgot to attribute correct authorship to @acbramley, you can see how to do so here:

mkesicki’s picture

Status:Fixed» Closed (fixed)