HTML tags in authoring tool editor (CKEditor)
by Stu Pod - Tuesday, 27 February 2018, 5:54 AM
 

I've been wondering for a very long time why the CKEditor instances within the authoring tool don't allow most HTML tags. I thought I'd wait to ask in case it became apparent, but it never did.

With the default setup, <span> tags are allowed, but any other tags entered using the 'Source' pane are removed after leaving the source editor or clicking Save.

It looks like almost every one of the hundreds of courses I've authored has included at least ordered lists, and sometimes more uncommon HTML tags.

To allow these tags to be entered without being automatically removed I've had to edit adapt_authoring/frontend/src/adaptbuilder/js/origin.js (it looks like that'd be adapt_authoring/frontend/src/modules/scaffold/backboneFormsOverrides.js in the latest version of the AT) and add 'allowedContent:true,' after 'extraAllowedContent:"span(*)",'.

That edit is reset to the default with each AT update, which isn't fun. I haven't tested what happens if the AT is updated and a course is edited before the edit to origin.js (or backboneFormsOverrides.js) is made, but I imagine that any existing HTML tags in the edited page or pages would be removed and lost forever as soon as the editor instance was touched.

How is everybody else dealing with this? I've never been able to find anybody else talking about it, which surprises me. I would've thought that a lot of authors would need at least some basic tags.

I'm assuming that the editor doesn't allow anything but span because if you're going to allow other tags it'd probably mean allowing everything, including <script> and <iframe>, which could be simple to exploit.

I've attached screenshots showing the same HTML tags in the editor before and after editing the core JS to allow tags.



Re: HTML tags in authoring tool editor (CKEditor)
by Thomas Berger - Wednesday, 28 February 2018, 7:26 AM
 

Hello,

As you mentioned, some tags and attributes can cause major security issues. Therefore the filtering is extremely strict by default. I agree with you that the filtering needs updating though. For instance, class and data attributes are safe and can add major improvements for styling courses. Also, some plugins will require some HTML attributes in the content to work.

I think the ideal solution would be a set of different configuration settings one can choose during installation, ranging from "safe" to "no filtering". Having the settings in a config will make sure that your selection will be restored when you update authoring tool versions.

There is an issue that discusses the topic. Your feedback is very much appreciated as it helps us better understand the needs of the users.

Cheers

Thomas
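
Added example (not part of the thread and not Adapt authoring tool code): a sketch of the profile idea discussed above, contrasting the filter-off setting with a scoped allowlist for the tags raised in this thread. The profile names, the `htmlFilter` setting and `buildEditorConfig()` are hypothetical; only the CKEditor 4 keys `allowedContent`, `extraAllowedContent` and `disallowedContent` are real, and the rules have not been tested against any AT version.

```javascript
// Hypothetical filter profiles, selected by a setting that survives updates.
const FILTER_PROFILES = {
  // The default described in this thread: only <span> with any class.
  strict: { extraAllowedContent: 'span(*)' },

  // Scoped allowlist: the tags raised in this thread, nothing scriptable.
  extended: {
    extraAllowedContent: [
      'span(*)[data-*]',              // attribute wildcards need CKEditor 4.4+
      'h1 h2 h3 h4 h5 h6 p(*)',       // headings and paragraphs, any class
      'ol[type,start](*)',            // keeps <ol type="A">
      'ul li(*)',
      'img[!src,alt,width,height](*)' // "!" marks src as required
    ].join('; '),
    // Removed even if some other rule or plugin would allow them.
    disallowedContent: 'script; iframe; *[on*]'
  },

  // Filter disabled: <script>, <iframe> and on* handlers all pass through.
  none: { allowedContent: true }
};

// Returns the profile actually applied plus the CKEditor config fragment.
// Anything missing or unrecognised falls back to the strict profile, so the
// filter is only ever switched off by an explicit "none".
function buildEditorConfig(settings) {
  const name = settings && settings.htmlFilter;
  // hasOwnProperty guards against names such as "constructor".
  const known = typeof name === 'string' &&
    Object.prototype.hasOwnProperty.call(FILTER_PROFILES, name);
  const profile = known ? name : 'strict';
  return { profile, config: Object.assign({}, FILTER_PROFILES[profile]) };
}
```

The returned `config` object would be merged into the options passed to the editor instance; where that happens in the AT is the file named earlier in the thread.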

Re: HTML tags in authoring tool editor (CKEditor)
by Matt Leathes - Wednesday, 28 February 2018, 9:38 AM
 

Something a bit weird is going on with hyperlinked text on the forums at the moment (they're all getting prefixed with this site's address) so here's the full link to the issue: https://github.com/adaptlearning/adapt_authoring/issues/1619

Re: HTML tags in authoring tool editor (CKEditor)
by Stu Pod - Thursday, 1 March 2018, 1:22 AM
 

Thanks for confirming that, Thomas. I'd love to see that as a configuration setting.

For now, I think I'll try to work out an automated daily backup with GCP so that I can restore it if I ever do an Adapt update and forget to add that line to the core JS before editing.

I'm not sure whether the CKEditor API allows it, but if that configuration setting does end up being added, it might be nice if the AT gave feedback to the editor about tags being removed or the source being rewritten.

Re: HTML tags in authoring tool editor (CKEditor)
by Stu Pod - Monday, 21 May 2018, 7:05 AM
 

Does anybody know whether allowing other tags in CKEditor/AT has changed recently?

It used to work by adding allowedContent:true, to adapt_authoring/frontend/src/adaptbuilder/js/origin.js. The CKEditor config moved to adapt_authoring/frontend/src/modules/scaffold/backboneFormsOverrides.js, and the same addition worked for a while, but now doesn't.

I've tried a lot of different combinations of allowedContent and extraAllowedContent and although some mostly work, all of them seem to strip any heading tags (h1, h2 etc.) and type attributes such as <ol type="A">.

Re: HTML tags in authoring tool editor (CKEditor)
by Richard Lilleker - Tuesday, 7 August 2018, 10:32 AM
 

I'm also having issues with this. Tried using both allowedContent and extraAllowedContent to enable the img tag but not having much luck.

Re: HTML tags in authoring tool editor (CKEditor)
by Stu Pod - Thursday, 9 August 2018, 4:59 AM
 

Hi Richard,

I still haven't worked out how to get this working in the recent versions of the AT, so reply here if you do work it out!