redmine_ckeditor
Upgrading Paste from word
After upgrading to the latest version of CKEditor (as per README.MD) and replacing the inbuilt Paste from word plugin with an updated version, I was able to copy and paste images directly from Word. But they were not showing in the wiki view; a tag without src parameter was being inserted (CKEditor inserts the images in base64 encoding).
After a bit of hacking, I found that the offending part is
redmine_ckeditor/wiki_formatting/formatter.rb::29

    text = ActionView::Base.white_list_sanitizer.sanitize(text,
      :tags => RedmineCkeditor.allowed_tags,
      :attributes => RedmineCkeditor.allowed_attributes
    )

Commenting out this line makes the images visible (the src tag contains the base64 information). Of course, I understand that this makes my Redmine vulnerable to attacks, as the HTML tags are not being sanitized anymore.
I think that the correct solution is adding "data" as a trusted protocol for the sanitizer (see https://stackoverflow.com/questions/24723434/how-to-enable-embedded-image-in-rails-sanitize) but, having never worked with Ruby before, I was unable to make this work.
Hope you have enough information to make correctly solving this problem as painless as possible.
Any news on this issue? I tried to add data to the ckeditor.yml but it didn't help.
@a-ono any news about this issue? Or can you help me configure a workaround?
It is working now. Who can read, has a clear advantage :-) I had to copy the config to the right path:

    cp plugins/redmine_ckeditor/config/ckeditor.yml.example config/ckeditor.yml

Afterwards I added data to the allowedProtocols configuration.
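
A protocol allowlist entry for `data` does not by itself distinguish an inline image from other `data:` content such as `data:text/html`. As an added example (not code from redmine_ckeditor, Rails or anyone in this thread), the check below accepts `data:` only as a validated raster image for an `img` `src`; the helper names `safe_img_src?` and `safe_data_image?`, the 2 MiB cap and the sample values are assumptions made for illustration.

```ruby
# Added example: hypothetical helper, not part of redmine_ckeditor or Rails.
# Uses only Ruby core/stdlib so it runs without Rails installed.
require "uri"

# Allowed inline image types mapped to their leading magic bytes.
# SVG is deliberately absent: it is XML and can carry script.
IMAGE_MAGIC = {
  "image/png"  => "\x89PNG".b,
  "image/jpeg" => "\xFF\xD8\xFF".b,
  "image/gif"  => "GIF8".b,
  "image/webp" => "RIFF".b
}.freeze
MAX_SRC_BYTES = 2 * 1024 * 1024 # assumed size cap for an inline image
DATA_URI = %r{\Adata:([a-z0-9.+-]+/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]*={0,2})\z}i

# True if the data: URI declares an allowed raster type, is valid base64,
# and the decoded bytes start with that type's signature.
def safe_data_image?(src)
  m = DATA_URI.match(src)
  return false unless m && IMAGE_MAGIC.key?(m[1].downcase)
  bytes = m[2].unpack1("m0") # strict base64; raises ArgumentError if malformed
  bytes.start_with?(IMAGE_MAGIC[m[1].downcase])
rescue ArgumentError
  false
end

# True if +value+ is acceptable for <img src>: relative, http(s), or a
# validated inline image. Every other scheme is rejected.
def safe_img_src?(value)
  src = value.to_s.strip
  return false if src.empty? || src.bytesize > MAX_SRC_BYTES
  return safe_data_image?(src) if src.match?(/\Adata:/i)
  scheme = URI.parse(src).scheme
  scheme.nil? || %w[http https].include?(scheme.downcase)
rescue URI::InvalidURIError
  false
end

# Constructed samples (not taken from the issue).
PNG_SRC  = "data:image/png;base64," + ["\x89PNG\r\n\x1A\n".b].pack("m0")
HTML_SRC = "data:text/html;base64," + ["<p>not an image</p>"].pack("m0")
FAKE_PNG = "data:image/png;base64," + ["<p>not an image</p>"].pack("m0")
```

A check like this would run on each `src` value before or alongside the tag and attribute allowlist, so the sanitizer call stays enabled.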