Custom Tag stop while running

Damien MARTIN

Friday 03 December 2010 7:17:26 am

Hi there, I created a custom tag to allow users to add extra HTML/Javascript code in XMLBlock.

So I made the following modifications:

content.ini.append.php

[CustomTagSettings]
AvailableCustomTags[]=code
IsInline[code]=false

[code]
CustomAttributes[]=code

ezoe_attributes.ini.append.php

[code]
CustomAttributes[]=code

[CustomAttribute_code_code]
Name=Code
Type=text
Required=true

code.tpl

{wrap_php_func('html_entity_decode', array( $code ))}

With this, <b>UN</b> <i>test</i> <u><i>normal</i></u> run correctly but

<script type="text/javascript"> alert ( "Hello World" ) ;</script>

Stops while running with the following error :

<!-- START: including template: design/standard/templates/content/datatype/view/ezxmltags/code.tpl (design:content/datatype/view/ezxmltags/code.tpl) -->
Mon code : <script typ
<!-- STOP: including template: design/standard/templates/content/datatype/view/ezxmltags/code.tpl (design:content/datatype/view/ezxmltags/code.tpl) -->

I don't understand what happens.

Could someone explain to me why it crashes while running this very simple text?

Thanks,

Damien

Ivo Lukac

Monday 06 December 2010 3:05:44 am

Hi,

With your code you are adding a <script> tag in an ezxml field, which does not support that tag.

I would suggest that you add an additional eztext attribute in the class and deal with the javascript code in the template of the class.

http://www.linkedin.com/in/ivolukac
http://www.netgen.hr/eng/blog
http://twitter.com/ilukac

Jérôme Vieilledent

Monday 06 December 2010 3:19:18 am

Another solution could be to activate raw HTML support via the literal tag.

You can do this in an override of content.ini. Here's what original content.ini says :

[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks.
#AvailableClasses[]=html

This can be a solution, but since there is currently no security policy check on attributes, there might be an XSS security issue here...

Damien MARTIN

Monday 06 December 2010 3:22:33 am

Thanks Ivo,

But my users need to add more than JS. They should be able to add things like imagemap or swf objects directly in the xmlblock.

I know that I can do this using object and embedded templates but it is very embarrassing to have to create items before inserting them. So I would like to try "custom tag" instead.

So I suppose I will have no choice and create a new class named "custom_code" or something like that and create a kind of "piece of code library".

Thank you very much again.

Ivo Lukac

Monday 06 December 2010 4:02:28 am

"

Another solution could be to activate raw HTML support via the literal tag.

You can do this in an override of content.ini. Here's what original content.ini says :

[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks.
#AvailableClasses[]=html

This can be a solution, but since there is currently no security policy check on attributes, there might be an XSS security issue here...

"

If I were him I would rather not do that :)

André R.

Monday 06 December 2010 4:23:22 am

literal.html is the only solution that will accept raw html.
If you want to use custom tags, then you will need to create one per use case, one for image maps (with attributes for input), one for script (with url as attribute) and so on.

You can setup custom tag to behave as inline-block in oe with the following settings in content.ini:

## Displays the custom tag as an image so you cannot create sub content.
## Will use custom image if there is a custom attribute on the tag named 'image_url'
#IsInline[externalimage]=image
## Lets you specify 22x22 icon to use on custom image tag if it doesn't have 'image_url'
#InlineImageIconPath[mashup]=images/tango/image-x-generic22.png

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom
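
The "one custom tag per use case" approach from the post above, sketched for the script case as an added example (not code from the thread or from eZ Publish): the tag carries only a URL attribute, and the server emits markup only when that URL is https on an allow-listed host. The function name `renderScriptTag` and the host list are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helper, not part of the eZ Publish API.
// Hosts editors may load scripts from (constructed sample values).
const ALLOWED_SCRIPT_HOSTS = ['static.example.com', 'cdn.example.org'];

/**
 * Build a <script src> element from an editor-supplied URL attribute,
 * or return '' when the URL is not an https URL on an allow-listed host.
 */
function renderScriptTag(string $url, array $allowedHosts = ALLOWED_SCRIPT_HOSTS): string
{
    $url = trim($url);
    // Reject control characters, whitespace, quotes, angle brackets and backslashes.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>\\\\]/', $url)) {
        return '';
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return '';
    }
    // https only: this also drops javascript:, data: and protocol-relative forms.
    if (strtolower($parts['scheme']) !== 'https') {
        return '';
    }
    // No credentials or explicit port, so the host compared is the host contacted.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return '';
    }
    // Exact host match; a suffix or substring match would accept look-alike hosts.
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return '';
    }
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<script type="text/javascript" src="' . $safe . '"></script>';
}

// Constructed sample inputs, as an editor might type them into the tag's attribute.
$samples = [
    'https://static.example.com/widgets/map.js',
    'http://static.example.com/widgets/map.js',
    'https://static.example.com.example.net/x.js',
    'javascript:alert(1)',
    'https://static.example.com/x.js"><script>alert(1)</script>',
];
foreach ($samples as $s) {
    printf("%-62s => %s\n", $s, renderScriptTag($s) === '' ? 'rejected' : 'rendered');
}
```

Only the first sample is rendered. In an eZ Publish site this check would have to be called from the custom tag's template, for example through a custom template operator; that wiring is not shown here.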

Jérôme Vieilledent

Monday 06 December 2010 5:22:39 am

"

If I were him I would rather not do that

"

Why not ? If this fits to the need, then this is the solution ! ;)

The only thing is that the website administrator has to trust his contributors, that's all ! Besides, this is the case for every CMS that proposes such a feature...

Damien MARTIN

Monday 06 December 2010 6:25:28 am

Thank you very much everybody.

I called my customer and we decided together to create objects before adding them in XML Block.

I hope that this thread will be useful for other persons.

Thanks,

Damien
