Custom Tag stop while running


Damien MARTIN

Friday 03 December 2010 7:17:26 am

Hi there, I created a custom tag to allow users to add extra HTML/Javascript code in an XMLBlock.

So I made the following modifications:

content.ini.append.php

[CustomTagSettings]
AvailableCustomTags[]=code
IsInline[code]=false

[code]
CustomAttributes[]=code

ezoe_attributes.ini.append.php

[code]
CustomAttributes[]=code

[CustomAttribute_code_code]
Name=Code
Type=text
Required=true

code.tpl

{wrap_php_func('html_entity_decode', array( $code ))}

With this, <b>UN</b> <i>test</i> <u><i>normal</i></u> runs correctly, but

<script type="text/javascript"> alert ( "Hello World" ) ;</script>

stops while running with the following error:

<!-- START: including template: design/standard/templates/content/datatype/view/ezxmltags/code.tpl (design:content/datatype/view/ezxmltags/code.tpl) -->
Mon code : <script typ
<!-- STOP: including template: design/standard/templates/content/datatype/view/ezxmltags/code.tpl (design:content/datatype/view/ezxmltags/code.tpl) -->

I don't understand what happens.

Could someone explain to me why it crashes while running this very simple text?

Thanks,

Damien

Ivo Lukac

Monday 06 December 2010 3:05:44 am

Hi,

With your code you are adding a <script> tag in an ezxml field, which does not support that tag.

I would suggest that you add additional eztext attribute in the class and deal with the javascript code in the template of the class.

http://www.linkedin.com/in/ivolukac
http://www.netgen.hr/eng/blog
http://twitter.com/ilukac

Jérôme Vieilledent

Monday 06 December 2010 3:19:18 am

Another solution could be to activate raw HTML support via the literal tag.

You can do this in an override of content.ini. Here's what the original content.ini says:

[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks.
#AvailableClasses[]=html

This can be a solution, but since there is currently no security policy check on attributes, there might be an XSS security issue here...

Damien MARTIN

Monday 06 December 2010 3:22:33 am

Thanks Ivo,

But my users need to add more than JS. They should be able to add things like imagemaps or swf objects directly in the xmlblock.

I know that I can do this using object and embedded templates, but it is very embarrassing to have to create items before inserting them. So I would like to try "custom tag" instead.

So I suppose I will have no choice but to create a new class named "custom_code" or something like that and create a kind of "piece of code library".

Thank you very much again.

Ivo Lukac

Monday 06 December 2010 4:02:28 am

"

Another solution could be to activate raw HTML support via the literal tag.

You can do this in an override of content.ini. Here's what the original content.ini says:

[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks.
#AvailableClasses[]=html

This can be a solution, but since there is currently no security policy check on attributes, there might be an XSS security issue here...

"

If I were him I would rather not do that :)

http://www.linkedin.com/in/ivolukac
http://www.netgen.hr/eng/blog
http://twitter.com/ilukac

André R.

Monday 06 December 2010 4:23:22 am

literal.html is the only solution that will accept raw html.
If you want to use custom tags, then you will need to create one per use case: one for image maps (with attributes for input), one for script (with url as attribute) and so on.

You can set up a custom tag to behave as inline-block in oe with the following settings in content.ini:

## Displays the custom tag as an image so you cannot create sub content.
## Will use custom image if there is a custom attribute on the tag named 'image_url'
#IsInline[externalimage]=image
## Lets you specify 22x22 icon to use on custom image tag if it doesn't have 'image_url'
#InlineImageIconPath[mashup]=images/tango/image-x-generic22.png

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom
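An added illustration (not code from this thread or from eZ Publish itself) of the two approaches discussed above, written in PHP since that is what eZ Publish and the html_entity_decode call in code.tpl are. The first function models what Damien's code.tpl does with the "code" attribute, assuming the stored attribute value is entity-encoded as his use of html_entity_decode implies; the second models the per-use-case "script" tag with a url attribute that André suggests, with the hypothetical allowlist of hosts chosen by the site.

```php
<?php
// Added example, not from the thread. Models code.tpl's handling of the
// "code" custom attribute and a safer per-use-case "script" custom tag.

// What code.tpl does: the attribute value stored in the XML block is
// entity-encoded, so decoding it hands the raw markup to the browser.
// Anyone allowed to edit the XML block can therefore inject script,
// which is the XSS concern raised earlier in this thread.
function renderCodeTagUnsafe(string $code): string
{
    return html_entity_decode($code, ENT_QUOTES, 'UTF-8');
}

// A "script" custom tag with a single 'url' attribute. The value is never
// turned into markup: it is parsed, required to be https on an allowlisted
// host (hypothetical list, chosen by the site), and escaped as an attribute.
// Returns null when the value is rejected, so the template emits nothing.
function renderScriptTag(string $url, array $allowedHosts): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                       // not an absolute URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return null;                       // only https is accepted
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;                       // host is not on the allowlist
    }
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<script src="' . $escaped . '"></script>';
}

// Constructed sample input, as an editor would store it in the XML block.
$stored = '&lt;script&gt;alert(&quot;Hello World&quot;)&lt;/script&gt;';
echo renderCodeTagUnsafe($stored), "\n";   // raw <script> reaches the page

$allowed = ['cdn.example.org'];            // hypothetical allowlist
var_dump(renderScriptTag('https://cdn.example.org/widget.js', $allowed));
var_dump(renderScriptTag('http://cdn.example.org/widget.js', $allowed));
var_dump(renderScriptTag('https://other.example/widget.js', $allowed));
```

The same shape applies to an image-map tag: keep each input as a typed attribute that is validated and escaped (|wash in an eZ template) rather than one free-form attribute that is decoded into markup.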

Jérôme Vieilledent

Monday 06 December 2010 5:22:39 am

"

If I were him I would rather not do that

"

Why not? If this fits the need, then this is the solution! ;)

The only thing is that the website administrator has to trust his contributors, that's all! Besides, this is the case for every CMS that proposes such a feature...

Damien MARTIN

Monday 06 December 2010 6:25:28 am

Thank you very much everybody.

I called my customer and we decided together to create objects before adding them in XML Block.

I hope that this thread will be useful for other people.

Thanks,

Damien

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.
