I have a couple of content types using CKEditor on the body field. The problem is in one of them. While adding content type post everything works as it should and CKEditor appears normally. Unfortunately, after adding, when I enter the node edit form the body field is there without CKEditor, though the filter, permissions and all configuration are set correctly. This is not happening in other content types and there are no JS errors in the console, which I expected at first.
Caches cleared multiple times. Drupal version is 7.22.

Has anyone had an issue like this?

Comments

philipz’s picture

I've found out that there is something strange happening. There's a request being made to /ckeditor/xss that is returning "-1011" response code. This is happening at load and when I'm switching Full / Filtered HTML.

philipz’s picture

Title: CKEditor does not appear in edit mode for one content type » CKEditor does not appear due to ckeditor/xss empty response

EDIT: Changing title after some debugging.

This must be related to xss filtering somehow. I've done dpm to $text output in the ckeditor_filter_xss() function and it should work fine. The text shows up correctly in dpm() but not in the XHR request sent to ckeditor/xss, which is empty (saying only Code -1011).

I've also added config.allowedContent = true; to advanced settings but this did not help.

philipz’s picture

Now I've found a situation where one node has a body with summary both filled. The summary textarea does not have ckeditor applied and the body has ckeditor applied normally. There are two calls to ckeditor/xss - one returned with status 200 for the body and one empty for the summary.
The summary has no html in it - just plain text.

jcisio’s picture

Could you post the header and payload of the request with empty response? Can you reproduce in another website? Which filters are being used?

philipz’s picture

Yes, I tested it in Firefox and Safari. This is not something I've been able to reproduce anywhere else unfortunately.
The only used filter is changing new lines to <br> and <p> tags.

Here's the request data from Safari. There are no response headers or response data.

Request Data

text Podsumowanie pierwszych trzech miesięcy wyprawy HTC Author American Expedition 2013
input_format full_html
token kvDnFxhqfmf0jZktksmJIUHIAl1IRMpCTmliN7ceZo0

Request Headers

Accept */*
Referer http://author.pl/node/4321/edit
Origin http://author.pl
X-Requested-With XMLHttpRequest
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.59 (KHTML, like Gecko) Version/6.1 Safari/537.59
Content-Type application/x-www-form-urlencoded

Funny thing: in Firefox the response is "301 Moved Permanently" and I can see a response header which contains "Location" (but different than my site domain). The requests that are not failing do not have this location at all.

Cache-Control no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding gzip
Content-Language pl
Content-Length 103
Content-Type text/html; charset=utf-8
Date Tue, 27 Aug 2013 14:06:43 GMT
Etag "1377612403"
Expires Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified Tue, 27 Aug 2013 14:06:43 +0000
Location http://blogrowerowy.pl
Server Apache/2.2.22 (Ubuntu)
Vary Accept-Encoding
X-Powered-By PHP/5.3.10-1ubuntu3.4

philipz’s picture

After some more debugging and testing in Firebug I'm sure the ckeditor_filter_xss is not the problem here. The function returns the XHR request or at least is trying to as it should. This might not be a CKEditor module bug but some other problem related to Drupal core or server configuration.

One thing I'm sure of here is that the requests that are working fine do not have "location" in response headers and the ones failing do have one and it's different than my Drupal webpage. The location domain in failing requests is my other website on the same server but running on Wordpress. This is very strange.

joessoft’s picture

Just came to see if I were alone on the following... not glad I am not alone.. yet, misery does love company.. (evil grin)

page not found 10/13/2013 - 10:43 ckeditor/xss admin
page not found 10/13/2013 - 10:43 ckeditor/xss admin
page not found 10/13/2013 - 10:43 ckeditor/xss admin
page not found 10/13/2013 - 10:42 ckeditor/xss admin

same bug I guess as the WYSIWYG ed is present initially... but on revision.. forgetaboutit.. no ed and will not save the changes. It also appears to be looking where CKED isn't living:

Type page not found
Date Sunday, October 13, 2013 - 10:43
User admin
Location http://mydomain.com/ckeditor/xss <------ wrong -----<<<-( actual sites/all/modules/ckeditor )
Referrer http://mydomain.com/xxxxxx/x/edit
Message ckeditor/xss
Severity warning

If at first you don't succeed.. other than informing others, don't whine, HACK!

Later

Joe - over 66 and still having fun on the web playing in the cyber sandbox.

jcisio’s picture

#7 The path is correct, ckeditor/xss is a path defined in ckeditor_menu(), not a static file.

philipz’s picture

What I ended up doing was disabling ajax call for xss filters in includes/ckeditor.utils.js on line 163. This is my temporary solution to the problem:

if (false && run_filter && ($("#" + textarea_id).val().length > 0) && typeof(ckeditor_obj.input_formats[ckeditor_obj.elements[textarea_id]]) != 'undefined' && ((ckeditor_obj.input_formats[ckeditor_obj.elements[textarea_id]]['ss'] == 1 && typeof(Drupal.settings.ckeditor.autostart) != 'undefined' && typeof(Drupal.settings.ckeditor.autostart[textarea_id]) != 'undefined') || ckeditor_obj.input_formats[ckeditor_obj.elements[textarea_id]]['ss'] == 2)) {

Shane Birley’s picture


I have a question about what sort of caching schemes are being used. I have been running across this issue but it is normally due to cache tables not being cleared and the XSS failing.

When I have experienced this problem, I have been installing Expire module (2.x branch) and it resolves the issue as I can force the cache to be cleared for the nodes being created or being updated.

Just my two cents...

bdimaggio’s picture

#9 worked for me, in a pinch.

shi99’s picture

#9 solved my issue, even if it's not ideal. Thanks

My issue is slightly different in that when I switch from plain text to Full HTML the WYSIWYG would actually load one of the pages on my site into the WYSIWYG. Very odd since I'm not sure why it would call that page.

Anyway disabling the ajax call mentioned in #9 is a temp fix for me now.

Thanks for your help. If I find out any other info I will add it to this issue.

shi99’s picture

I think the latest version of CKEditor (7.x-1.16) fixes this issue. I have updated my CKEditor and do not need to use the fix mentioned in #9 anymore.

It would be good to confirm if it fixed it for anybody else.

fgjohnson’s picture

I resolved this using the following.
Initially the Default and Alternate jQuery settings were @ 1.10.
CKEditor didn't work in Full or Filtered.

Drupal 7.32
Bootstrap 7.x-3.0
CKEditor Module 7.x-1.16 - No special settings
jQuery update Module = 7.x-2.4
- Set Default jQuery version = 1.8
- Alternate jQuery version = 1.8
- jQuery and jQuery UI CDN = jQuery, Google or MS

Dropping to 1.8 was the trick.
shrug... I don't know where to find the version I've got installed. :-)

Granitize me!

hanspln’s picture

#14 worked for me, "Dropping to 1.8 was the trick"

Paulraj Augustin’s picture

#14 is not working for me.
Checking my console I got this error:

POST http://www.example.com/ckeditor/xss 500 (Internal Server Error) jquery-1.8.2.min.js:2

#9 solved my issue, but it is a temp fix.

Edited:
I found that the problem is unique to one content (node); for all other content the editor looks fine.

sideswitch’s picture

I also have this issue still with CkEditor 7.1.16 and jQuery Update set to 1.8. (I've tried all versions from 1.5 up). Drupal 7.32

#9 does solve my issue to a degree - CkEditor shows in Full HTML as assigned. It seems however that no matter whether I disable ACF or not, ACF also still removes all my html tags, but this is another issue.

Will #9 be rolled into next release?

andykisaragi’s picture

I have the same problem as #16 - 500 error.

In my case though it's due to a memory leak which I haven't tracked down yet - Apache error log is full of memory limit errors.

Can confirm that #9 gets around it for now.

#17, no it shouldn't be rolled into the release! it's not a fix, just a hacky workaround (one which I'm thankful for!)

markbannister’s picture

I had issues with filtered not showing the editor.
Just installing jquery_update 7.x-2.4 fixed this for me.
I can set jquery to 1.8, 1.9 or 1.10 and they all work

Fiselier’s picture

In my setup I experience trouble: some pages show the ckeditor, some don't. When changing the theme during the editing of a non-functioning page, the ckeditor reappears, the next time it's gone again. (no matter what theme I use). Within PhPAdmin I cannot find any differences between the pages.
Any help?

andykisaragi’s picture

Fiselier, any js errors in your console on the non-ckeditor pages?

75th Trombone’s picture

I was getting 500 errors from one field in a field collection on one node. I figured out that the error would only show up when this consecutive string of text from that node was in the field:

selective coating that absorbs solar energy well but inhibits radiative heat loss. The air is withdrawn ("evacuated") from

Do you see the problem?

SELECTive coating that absorbs solar energy well but inhibits radiative heat loss. The air is withdrawn ("evacuated") FROM

Clearly, something is seeing that embedded in my paragraphs of information on solar energy, identifying it as a SQL injection attempt, and doing something stupid. That string produces the problem in any CKEditor field on my site.

Once I figure out the exact problem, I'll probably be raising this with the actual CKEditor people.

75th Trombone’s picture

Ends up this was mod_security messing things up. It was set to exclude other Drupal paths but not ckeditor/xss. Not sure if my case is applicable to anything above; sorry.
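
The false positive described in the two comments above, reproduced as an added example (not code from the thread, the CKEditor module or ModSecurity). The two patterns are constructed simplifications, not real ModSecurity rules; the parameter names come from the request data posted earlier in the thread, and the token value and the SQL-shaped string are constructed placeholders. It reports which POST parameter trips which pattern, which is what you need to know before scoping an exclusion for ckeditor/xss.

```javascript
// Constructed, simplified patterns for illustration; not real ModSecurity rules.
const RULES = {
  // Keywords matched as bare substrings, so "selective" counts as SELECT.
  naive: /select[\s\S]+?from/i,
  // Keywords must stand alone as words (\b is a word boundary).
  wordBounded: /\bselect\b[\s\S]+?\bfrom\b/i,
};

// Report, per rule, every POST parameter whose decoded value matches.
function findMatches(formBody) {
  const hits = [];
  for (const [param, value] of new URLSearchParams(formBody)) {
    for (const [rule, pattern] of Object.entries(RULES)) {
      const m = pattern.exec(value);
      if (m) hits.push({ rule, param, start: m.index, length: m[0].length });
    }
  }
  return hits;
}

// Constructed request bodies shaped like the ckeditor/xss POST shown earlier
// (text, input_format, token); the token is a placeholder.
const proseText =
  'selective coating that absorbs solar energy well but inhibits ' +
  'radiative heat loss. The air is withdrawn ("evacuated") from';

const proseBody = new URLSearchParams({
  text: proseText,
  input_format: 'full_html',
  token: 'PLACEHOLDER',
}).toString();

const sqlShapedBody = new URLSearchParams({
  text: 'SELECT mail FROM users', // constructed sample, plain query text
  input_format: 'full_html',
  token: 'PLACEHOLDER',
}).toString();

// Ordinary prose trips only the substring rule; query-shaped text trips both.
console.log(findMatches(proseBody));
console.log(findMatches(sqlShapedBody));
```

The substring pattern flags the solar-energy sentence in the text parameter while the word-bounded one does not, and both still flag the query-shaped value.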

ajitsandip’s picture

There are no editor libraries installed currently. The following list contains a list of currently supported editors:
Error
CKEditor (Download) Not installed.
The version of CKEditor could not be detected.

Extract the archive and copy its contents into a new folder in the following location:
sites/all/libraries/ckeditor

So the actual library can be found at:
sites/all/libraries/ckeditor/ckeditor.js

Do NOT download the "CKEditor for Drupal" edition.

This error occurs.

jomarocas’s picture

#9 working for me, is a bug

Prizem’s picture

Also just ran into this issue. My console is reporting POST https://mywebsite.com/ckeditor/xss 500 Internal Server Error. Any resolution yet? #9's temp fix (adding false to the beginning of that if statement) works for me, but a more permanent resolution would be preferable.

andykisaragi’s picture

Prizem, I found that my 500 error was caused by a memory leak which was totally unrelated to CKEditor (in my case, I had temporarily set all users' emails on a dev site to test@test.com or similar, so whenever Drupal tried to load a user by email address it was loading all users, which was a few hundred thousand on the site I was working on) - it might well be that this is not a CKEditor bug but just an indication of a bug somewhere else on your site.

sosguthorpe’s picture

Recently had this issue. The problem only occurred for me when a page had multiple CKEditor instances on it (i.e. more than one text area). Those of you getting blank responses from the XSS post that had upgraded jQuery, this patch might help you to solve your issue without having to downgrade jQuery.

jenlampton’s picture

The solution in #2335105: Blank fields after updating jQuery didn't work for me since I am using a newer version of the ckeditor module (1.x-dev) but the hack in #9 did. Since I can't see a more elegant way of getting around this currently I've rolled this into a patch in case others need the same fix.

Again, this is not for review/inclusion but just for the convenience of others suffering from the same Server 500 error.

svn7svn’s picture

I'm currently experiencing the same issue on my blog content type.

I have Drupal 7.38 installed with all projects up to date as of this post.

Used to work fine.

Console shows a 522 error on the following .js file

/sites/default/files/js/js_5lrzLVYmzJlz59v8vxohFpYcT_00TebFdDnQv26MYt8.js