redactor
redactor copied to clipboard
craftcms
Iframes are displayed even though pastePlainText is active
Description
I just can't figure out how to make Redactor properly remove HTML / paste as plain text. I need to enter the HTML code for an iframe that I want to display as HTML on the page (so I want to display literally <iframe src="..."></iframe>, not the iframe itself). Even though I have pastePlainText set to true, when I paste the following HTML code, Redactor parses it as HTML and displays the iframe in the editor window:
<iframe src="https://example.com" width="100%" height="300px" frameborder="0"></iframe>
Given the pastePlainText option, I would expect Redactor to escape the HTML code so it's inserted as text. Instead it adds the iframe as HTML, so I get the literal iframe in the preview window. The only workaround I found was to go into the source view and manually enter the iframe with escaped entities (> and <). Is this expected behaviour? Isn't pastePlainText supposed to prevent this? Is there some way to disable pasting HTML completely?
Here's my redactor config:
{
"pastePlainText": true,
"pasteImages": false,
"autoparseImages": false,
"autoparseVideo": false,
"autoparseLinks": false,
"buttons": [
"html",
"undo",
"redo",
"formatting",
"unorderedlist",
"orderedlist",
"link",
"bold",
"italic",
"sup",
"sub"
],
"formatting": [
"p",
"h3"
],
"pasteBlockTags": [
"p",
"h3",
"ul",
"ol"
],
"pasteInlineTags": [
"strong",
"em",
"a",
"sup",
"sub"
],
"plugins": [
"fullscreen"
],
"linkNewTab": false,
"toolbarFixed": true,
"cleanInlineOnEnter": true
}
Additional info
- Craft version: 3.7.16
- PHP version: 8.0
- Database driver & version: MySQL 8
- Plugins & versions: Redactor (2.8.8)
Any update on this?
In general, the pastePlainText functionality seems super buggy, pasting formatted Code always results in unwanted tags slipping in. For example, formatting inside <a> tags isn't stripped out. For instance, take this code:
<a href="https://example.com">Link <q>Quote inside link</q></a>
Try including this as HTML on the website, then copying it from the page and pasting it in the editor. After pasting, I would expect the <q> tag to be gone from the link. However, it stays where it is.
Could you raise this with Imperavi? Really frustrating that Redactor is closed-source, I'm noticing a ton of those small bugs and inconsistencies, but can't debug the code myself, submit issues or PRs …
Just submitted an issue with them. Given that they re-iterate three times on the issue page that there is need to get in touch if you don't hear back from them, I can't give you a timeline for this :/
@MoritzLost I've recently found out, that the culprit to most similar issues to this is actually the autoparse setting, which should be disabled. Or, the autoparsePaste setting.
@andris-sevcenko Thanks, but that doesn't solve this issue – even with all the autoparse settings set to false, pasting iframe code above still results in a visible iframe being rendered. For reference, here's my full redactor config file:
{
"pastePlainText": true,
"pasteImages": false,
"autoparse": false,
"autoparseStart": false,
"autoparsePaste": false,
"autoparseImages": false,
"autoparseVideo": false,
"autoparseLinks": false,
"buttons": [
"html",
"undo",
"redo",
"formatting",
"unorderedlist",
"orderedlist",
"link",
"bold",
"italic",
"sup",
"sub"
],
"formatting": [
"p",
"h3"
],
"pasteBlockTags": [
"p",
"h3",
"ul",
"ol"
],
"pasteInlineTags": [
"strong",
"em",
"a",
"sup",
"sub"
],
"plugins": [
"fullscreen",
"linkstyles"
],
"linkNewTab": false,
"toolbarFixed": true,
"cleanInlineOnEnter": true
}
Could you reopen this issue just to make sure it's not forgotten?