WYSIWYG injecting arbitrary code into XHTML event attributes when using Internet Explorer

stonema's Avatar


16 Jul, 2010 02:41 PM

The WYSIWYG editor in Cascade versions prior to 6.7 is injecting arbitrary code into the XHTML tag event attributes (e.g. onclick, onFocus, etc.) when working in Internet Explorer. Firefox and other browsers do not appear to be affected by this problem. Example code to replicate the problem is below.

<p><a href="#" onclick="window.open('http://www.google.com');">Google</a></p>

Final output of the code once it's submitted:
<p><a href="#" onclick="function onclick() { window.open('http://www.google.com'); } ">Google</a></p>

The arbitrary code will be injected every time the information is submitted. Has anyone else encountered this same problem? At this time the only solution I can find is to upgrade to the latest version 6.7, but has anyone crafted a work around?

  1. 1 Posted by Penny on 19 Jul, 2010 02:59 PM

    Penny's Avatar

    I am using 6.4.4 and not getting that issue. In the past whenever I have had issues with the WYSIWYG, I always check the tidy settings first. If this is not set to tidy and I still get the issue, I switch to using an XML block. It isn't the most convenient of solutions but it never modifies your content.

  2. Support Staff 2 Posted by Tim on 11 Aug, 2010 04:08 PM

    Tim's Avatar

    I was able to reproduce this on 6.4.6 using IE, but not in any other browser. It is likely that TinyMCE corrected the problem with their more recent edition of the editor which is included in Cascade Server 6.7. If you don't plan on upgrading soon, I would recommend using XML Blocks whenever possible to avoid the possibility of certain elements and/or attributes being removed (as Penny mentioned above).

  3. Tim closed this discussion on 11 Aug, 2010 04:08 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac