So I am using FCKeditor and the problem I am having is that when the user writes the document sometimes info is copied from Word, other times it is written directly in the editor and other times it could be done both ways. What this leaves me with in the DB is a lot of tags that are open and never closed. This is throwing my layout off dramatically and I am trying to find a solution.

I changed the config file to paste as plain text, which I assumed would stop Word formatting from transferring over, and it is still doing it.

So now I am trying to figure out a way to search for the opening tags and delete them before the info is sent to the DB, if possible. Or is there some FCKeditor function/config option I am missing to aid me?

Any suggestions on how I should proceed?

Thanks
Levi

A: 

Edit: Sounds like you're running into a bug in the editor. You might try a different one, and/or use a server-side script that goes through and strips unmatched div tags.

HTML allows most tags to be left open. If it's leaving tags open that should be left closed, you could white or blacklist to search through and strip those out server-side. Otherwise, you're pretty much stuck with understanding that HTML is not XML, FCKeditor generates HTML, and HTML won't validate as XML. If it's throwing your printed output off, try wrapping the FCKeditor output in a div.

Otherwise, please include concrete examples of input and output that is messing up your page layout.

Paul McMillan
It isn't a matter of allowing the tag to be open for validation's sake, it is a matter of an opening <div> tag being left in the code FCKeditor generates, and that throws the rest of the layout off because the next closing div is now this 'open' tag's closing div.
Levi
Where did the rant on XML come from?
random
@Paul, you mentioned wrapping the output in a div. That will still throw the layout off: instead of the div tag left in from FCKeditor 'borrowing' my closing tag, the div I used to surround the FCKeditor output would 'borrow' it.
Levi
You should have specifically mentioned div tags in your question. You mentioned "open tags". Most applications that care about open HTML tags are trying to validate XML, and most HTML tags can be left open.
Paul McMillan
+2  A: 

Hi,

Just as a security precaution that will address both security-related problems (like <script> tags being inserted by users, for instance -- which you probably don't want) and presentation-related problems (such as not-closed tags), you could use a tool like HTMLPurifier on your server, on what you are receiving from the browser.

Of course, this will not solve the first problem, the fact that users can input whatever they want in FCKEditor; but it will ensure your HTML is both valid and secure.

Actually, even if FCKEditor wasn't getting you not-valid HTML, you still could use HTMLPurifier, just for security.

The idea is that you provide a list of:

  • allowed tags
  • allowed attributes to those tags

And, in return, HTMLPurifier gives you clean and valid HTML.

Pascal MARTIN
I will test this out for future use (I don't like to implement new features without testing them and learning about them as best as I can). I did some simple protection using htmlencode, and stripping slashes. Not the best protection. People entering data are going to be admins for the site and the content they enter will all be handwritten. Other than that I took the concept of HTMLPurifier and I decided to do a preg_replace_all() on all divs and change them to p tags that will at least not throw the layout off. I am going to test this out and possibly implement it in the future though.
Levi
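
The allowlist approach from the HTMLPurifier answer above, as an added example that is not part of the original thread. It assumes HTMLPurifier is installed through Composer (package `ezyang/htmlpurifier`); the function name, the tag list and the sample input are illustrative assumptions.

```php
<?php
// Added example, not code from the thread.
// Assumption: HTMLPurifier was installed with Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Clean editor output on the server before it is stored in the DB.
 * (sanitize_editor_html is a hypothetical helper name.)
 */
function sanitize_editor_html(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowed tags, with allowed attributes in brackets. <div> and <script>
    // are deliberately absent, so stray <div> openers left behind by the
    // editor are dropped instead of capturing the page's own closing </div>.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title]');

    // Only these URL schemes survive in href; javascript: links are removed.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Disable the on-disk definition cache so the demo needs no writable
    // directory; in production, point Cache.SerializerPath at one instead.
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);

    // purify() drops anything outside the allowlist and closes tags that
    // were left open, so the result is well-formed.
    return $purifier->purify($dirty);
}

// Constructed sample: an unclosed Word-style <div>, an unclosed <strong>,
// a <script> block, and a link with a javascript: URL and an event handler.
$dirty = '<div class="MsoNormal"><p>Hello <strong>world<script>alert(1)</script></p>'
       . '<a href="javascript:alert(1)" onclick="x()">link</a>';

$clean = sanitize_editor_html($dirty);

// Escape for display here only so the cleaned markup is visible as text.
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";
```

Run the sanitizer on the server at the point where the form data is received, and store only its return value; the editor's paste settings are a convenience and not a control.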