Fix for TinyMCE Editor strips Flash embed code in Joomla
It has been a big misery for all those wanted to retain the inserted flash files (SWF) in an article in joomla. Several questions were asked why the tinyMCE editor strips the “Object” and “embed” tags once we “save/Apply” after editing the article with flash objects. There is an answer for this.
If an article with flash object is opened for editing, while saving the editor removes the flash embed code from the article. The result is the automatic removal of “Object” and “Embed” tags from the code.
The users affected:
All the users other than Super Administrator are affected by this problem.
There is a solutions for this. Before we see a solution, we need to be aware of the reason behind it. It will help us to resolve other similar problems later.
This is caused by the inbuilt security measures in joomla. There is a filtering mechanism that plays behind the scene while saving the articles. To protect the joomla website, from attackers, by preventing the users with edit access to insert malicious codes into the articles. This filtering rules will be applied just before an article is saved after the change.
All the users other than super administrator will have a “blacklist” filtering “ON” by default. This is to protect the article from the attackers. The default filter method in Joomla! is ‘Black List‘.
The following tags are listed in the “Blacklsit”:
‘applet’, ‘body’, ‘bgsound’, ‘base’, ‘basefont’, ‘embed’, ‘frame’, ‘frameset’, ‘head’, ‘html’, ‘id’, ‘iframe’, ‘ilayer’, ‘layer’, ‘link’, ‘meta’, ‘name’, ‘object’, ‘script’, ‘style’, ‘title’, ‘xml’
The following attributes are listed in the “Blacklsit”:
‘action’, ‘background’, ‘codebase’, ‘dynsrc’, ‘lowsrc’
The “Blacklist” filter will automatically trim all the tags and attributes specified in the above items. Now, the fix is easy, just remove this “blacklisted tags” for all users whom we want to allow these tags.
How to fix it:
Go to Content >> Article Manager >> click on the parameters
NOTE: All those user groups whom you want to give permission to allow those blacklisted tags and attributes should be excluded from the selection. Eg: if you want to allow all the Public Back-end users, just select all the “Public Front-end” users then apply “filter Type” “Blacklist (Default)” . All the unselected users will be exempted from the filter check.
If you need any further assistance on this regard, Please discuss it in the forum. http://forum.tutorials2learn.com/ . Your comments are highly encouraged.