Welcome, Guest
Username: Password: Remember me

TOPIC: Editor strips the onClick attribute..

Editor strips the onClick attribute.. 3 years 8 months ago #54371

  • AndYow
  • AndYow's Avatar
  • OFFLINE
  • Fresh Lemon
  • Posts: 2
  • Karma: 0
Hello,

I recently installed LimeSurvey and have been messing around with it, trying out different options.

While I was adding images to a group's description, I figured thumbnails might work well. I installed highslide.com server-side. It works.

The problem is, LimeSurvey's description editor (FCKeditor) seems to strip the onClick attribute, so when I add the following as a description (using the Source window of the editor):
<br />
Description title here..<br />
<br />
<div class="highslide-gallery">
<ul>
    <li><a href="upload/surveys/12345/image.jpg" class="highslide" title="Caption here.." onclick="return hs.expand(this, config1 )"><img src="upload/surveys/12345/image.thumb.jpg" alt=""/></a></li>
    <li><a href="upload/surveys/12345/image.jpg" class="highslide" title="Caption here.." onclick="return hs.expand(this, config1 )"><img src="upload/surveys/12345/image.thumb.jpg" alt=""/></a></li>
</ul>
<div style="clear:both">&nbsp;</div>
</div>
<br />
and save, this is what happens:
<br />
Description title here..<br />
<br />
<div class="highslide-gallery">
<ul>
    <li><a>click=&quot;return hs.expand(this, config1 )&quot; title=&quot;Caption here..&quot; class=&quot;highslide&quot; href=&quot;upload/surveys/12345/image.jpg&quot; _fcksavedurl=&quot;upload/surveys/12345/image.jpg&quot;&gt;<img src="upload/surveys/12345/image.thumb.jpg" alt="" /></a></li>
    <li><a>click=&quot;return hs.expand(this, config1 )&quot; title=&quot;Caption here..&quot; class=&quot;highslide&quot; href=&quot;upload/surveys/12345/image.jpg&quot; _fcksavedurl=&quot;upload/surveys/12345/image.jpg&quot;&gt;<img src="upload/surveys/12345/image.thumb.jpg" alt="" /></a></li>
</ul>
<div style="clear:both">&nbsp;</div>
</div>
<br />

Is there any way around this?


Thanks!
The administrator has disabled public write access.

Re:Editor strips the onClick attribute.. 3 years 7 months ago #54380

  • holch
  • holch's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 2605
  • Thank you received: 302
  • Karma: 110
Did you switch off the XSS filter for your installation? I assume that is the problem...
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.

Re:Editor strips the onClick attribute.. 3 years 7 months ago #54425

  • Mazi
  • Mazi's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 5324
  • Thank you received: 293
  • Karma: 248
Definitely a XSS filter problem because the elements get stripped.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Re:Editor strips the onClick attribute.. 3 years 7 months ago #54462

  • AndYow
  • AndYow's Avatar
  • OFFLINE
  • Fresh Lemon
  • Posts: 2
  • Karma: 0
Ah!

I must of missed that in the docs. I'll give it a try.


Thanks!
The administrator has disabled public write access.

Re:Editor strips the onClick attribute.. 3 years 7 months ago #54463

  • holch
  • holch's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 2605
  • Thank you received: 302
  • Karma: 110
Have a look at the manual! It is a really valuable source for information. Here some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.220 seconds
Donation Image