fckeditor

here is the list: http://www.elizabethcastro.com/html/extras/entities.html I either want to enable all of them, or disable all of them... (aside from < and > of course) Is there a way to do this? there is the config.entities_additional = "", but that is a comma separated list of all the entities you want to store. preferably, I'd like to disable the entities entirely, but setting config.entities = false; doesn't do anything. o.o @Cheery's answer solves the situation where the editor uses the config.js file. however, CKEDITOR.replace("selected_text_actual", { uiColor: "#F5F5F5", toolbar:

how to disable automatic adding of <p></p> tags in Fckeditor. When i try to get any post data from fckeditor, it gives me the data wrapped in how do i remove/disable those <p></p> Thanks in advance for any suggestions and reply Too late, but will help others reaching this page via search engines, like I found it. <?php include_once('fckeditor/fckeditor.php'); $oFCKeditor = new FCKeditor('description'); $oFCKeditor->BasePath = '/fckeditor/'; $oFCKeditor->Value = 'some text'; $oFCKeditor->Config['EnterMode'] = 'br'; // turn off auto <p> tags wrapping content $oFCKeditor->Create(); ?> Refer http:

This link describes an exploit into my app using fckEditor: http://knitinr.blogspot.com/2008/07/script-exploit-via-fckeditor.html How do I make my app secure while still using fckEditor? Is it an fckEditor configuration? Is it some processing I'm supposed to do server-side after I grab the text from fckEditor? It's a puzzle because fckEditor USES html tags for its formatting, so I can't just HTML encode when I display back the text. Sanitize html server-side, no other choice. For PHP it would be HTML Purifier , for .NET I don't know. It's tricky to sanitize HTML - it's not sufficient to strip

I use CKEditor in my web-application. By click on one link i appends some text to CKEditor. It works fine. But when I open source tab, i can not append this text to the existing source. Can you help me how can I do it? Thank you in advance. Sorry for my english. If you are trying to append HTML text, you could use the createFromHtml method like this for example: var imgHtml = CKEDITOR.dom.element.createFromHtml("<img src=" + imageSrcUrl + " alt='' align='right'/>"); where imageSrcUrl is the image location and then you can insert it into the ckeditor source like this: CKEDITOR.instances.body

扫目录发现 http://www.xxx.test.cn/bak/以及/bak/upload.jsp 上传抓包看返回包，没有回显路径 于是盲猜找上传文件夹，无果。回到bak目录发现可疑js 访问bak/login_js/login.js 找到一处后台地址 访问/bak/admin_manager1/index.jsp跳转到 随手猜测/bak/ms_login.jsp找到后台 爆破弱口令进去后台，发现后台功能简单，没有上传，也没有未授权，SQL注入之类 查看首页源代码 发现没有什么值得注意的也没有js继续跟进文件查看源代码最终在/bak/admin_manager1/sys/update_password.jsp下右键源代码看到fck 查看fck版本，尝试漏洞，无果，发现存在fck目录遍历的漏洞 /bak/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/ 到上一级目录 /bak/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=

I have installed fckeditor and when pasting from MS Word it adds alot of unnecessary formatting. I want to keep certain things like bold, italics, bulltes and so forth. I have searched the web and came up with solutions that strips everything away even the stuff that i wanted to keep like bold and italics. Is there a way to strip just the unnecessary word formatting? Here's a solution I use to scrub incoming HTML from rich text editors... it's written in VB.NET and I don't have time to convert to C#, but it's pretty straightforward: Public Shared Function CleanHtml(ByVal html As String) As