If at least one "security filter" has been selected for a profile, then all of them are applied. Consequently, you can end up with really messed up content showing up in the editor after the AJAX call to "ckeditor/xss".

In our case, we have the Messaging module installed, which provides a filter to convert HTML to plain text. We have only the "HTML filter" filter enabled for one profile, but because of this bug, the filter from Messaging also gets applied and so the content for any CKEditor field gets stripped of all HTML formatting.

So far as I know, this is limited to the D6 codeline.

#1 0001-1491462-all-filters-applied.patch450 byteskevin.dutra
Members fund testing for the Drupal project. Drupal Association Learn more


kevin.dutra’s picture

Here is a patch to solve this.

kevin.dutra’s picture

Status: Active » Needs review
dczepierga’s picture

Status: Needs review » Fixed

@kevin.dutra, really thx for your patch and review. We lose this in one of the patches and i don't know why...

I commit it to GIT (diff)

kevin.dutra’s picture

You're welcome, and thank you for the quick turnaround on this. Do you have an idea of when you might release 6.x-1.11?

mkesicki’s picture

@kevin.dutra the next release will be as soon as possible. For now please use DEV version or your patch.

kevin.dutra’s picture

Cool, thanks!

mkesicki’s picture

Status: Fixed » Closed (fixed)