Vulnerability in EPiServer.Forms
I'm having trouble implementing a widget into an HTML block.
When I publish it, it's stripped down to:
Any ideas? Do I need to contain it in something additional?
In what kind of property are you putting this code? If it's inside an XhtmlString property it might get "cleaned-up" by the editor TinyMCE. Then you might have to create a TinyMCE plugin and change the settings to allow additional attributes on div elements. Maybe TinyMCE strips empty div elements as well.
Thanks for replying. Eeek. I'm not too sure if it's an XhtmlString property. I read http://world.episerver.com/documentation/Items/Developers-Guide/EPiServer-CMS/7/Content/Properties/Properties/ but it's far too technical for me, as too is making a plugin unfortunately looking at this http://archive.tinymce.com/wiki.php/Tutorials:Creating_a_plugin.
It sounds very similar to Wordpress in terms of the editor 'cleaning' the code, but I can use an iFrame at least. It appears iFrames in EPiserver HTML blocks don't work either.
If you can format the text, i.e. create links and headings, then it's an XhtmlString. Iframes are also probably stripped away.
Not sure what you can change from web.config, but you need to change the valid elements (and attributes) to allow iframes, empty divs and additional attributes. If you can't change the setting from web.config you need to create a plugin, please see http://krompaco.nu/2010/05/alter-default-initoptions-for-tinymce-in-episerver-6/, this works in latest version too.
Thanks Johan. Ah yes it's an XhtmlString.
I'll need to ask a developer about changing settings in web.config. Thanks for your help Johan!