Stop Joomla From Stripping Out Code

November 23, 2011 | Written by Steve Burge

Code can be dangerous. The right code in the right place brings your site to life, but there are many places where it can be a huge security risk.

Inside your content, code can be dangerous. If you allow people to use PHP, Javascript, iframes or other code inside content, you greatly increase the chances of a malicious script being used.

To minimize this risk, by default Joomla restricts the code you can use in content. Drupal does exactly the same thing and you can read the solution for Drupal by clicking here.

The downside to this is that some common code isn't allowed. For example, YouTube and Google Maps embed code isn't allowed. This tutorial will show you how to allow such code on your site by stopping Joomla from stripping it out.

Example

Here's a Google Maps example. Normally you'd click Toggle Editor and paste the code directly into the editor. However, if you now click Save & Close, Joomla strips the code out of the article and the map won't show.

That's the problem. Here's the solution.

Step 1: Turn off Filtering

Go to Site > Global Configuration > Text Filters.

If you want to disable code filtering for yourself, set Super Users to No Filtering. You can also disable filtering for other levels, but do so carefully, particularly for Registered users, whom you might not trust as much: any group set to No Filtering can save whatever HTML it likes, including scripts and iframes.

 

Click Save & Close.

Step 2: Turn off the TinyMCE Editor

Go to Site > Global Configuration.

Set Default Editor to Editor - None. Click Save & Close.

Now you can go to your article and paste in the code without it being stripped out.
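
With a group set to No Filtering, nothing checks what that group saves, so auditing stored article HTML is a useful compensating check. The following is an added example, not part of the original tutorial or of Joomla's own code; the allowlisted hosts and path prefixes, the function names and the sample article bodies are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: embed host -> required path prefix (YouTube, Google Maps).
ALLOWED_EMBEDS = {
    "www.youtube.com": "/embed/",
    "www.youtube-nocookie.com": "/embed/",
    "www.google.com": "/maps/embed",
    "maps.google.com": "/maps",
}
ACTIVE_TAGS = {"script", "object", "embed", "applet"}


class EmbedAuditor(HTMLParser):
    """Collects (tag, reason) findings for markup a text filter would strip."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, "active content tag"))
        for name, value in attrs.items():
            # Browsers ignore whitespace/control characters inside the scheme.
            compact = "".join(ch for ch in value if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((tag, f"inline event handler {name}"))
            elif name in ("href", "src") and compact.startswith("javascript:"):
                self.findings.append((tag, f"javascript: URL in {name}"))
        if tag == "iframe":
            src = attrs.get("src", "").strip()
            url = urlsplit(src)
            prefix = ALLOWED_EMBEDS.get(url.hostname)
            if url.scheme != "https" or prefix is None or not url.path.startswith(prefix):
                self.findings.append((tag, f"iframe source not allowlisted: {src!r}"))


def audit_article(html):
    """Return the findings for one article body; an empty list means clean."""
    auditor = EmbedAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample article bodies, not taken from any real site.
SAMPLE_OK = '<p>Find us:</p><iframe width="425" height="350" src="https://www.google.com/maps/embed?pb=constructed"></iframe>'
SAMPLE_BAD = ('<p onmouseover="track()">Hi</p>'
              '<iframe src="https://www.youtube.com@media.example/embed/abc"></iframe>'
              '<script src="https://cdn.example/widget.js"></script>')
```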

Longer Term Solutions

Over the long term this is a cumbersome solution partly because Step 2 requires you to constantly go back and forth, turning the editor on and off. It also makes it harder to edit the article again in the future.

One solution is to use a better editor than TinyMCE, which is the Joomla default. JCE from http://www.joomlacontenteditor.net is free and substantially better.

Also recommended are two extensions from http://www.nonumber.nl.

Sourcerer allows you to place any code inside your content with the editor still turned on. It's available from http://www.nonumber.nl/extensions/sourcerer.

Snippets allows you to enter the code once and then create a reusable text snippet that can be easily placed inside any article. We use it on this site to safely embed the code for our ticket sales. Snippets can be downloaded from http://www.nonumber.nl/extensions/snippets.

Comments  

 
#1 safe77 2012-01-21 05:58
I have followed the instructions 1 and doesn't show google map in article/ contact.
View large map
Is the above suggestions for joomla 1.7?
thx
 
 
#2 iowawebco 2012-01-21 15:28
Hi safe77,

Yes, it's for Joomla 1.7. What version are you using?

Kind regards,
Nick
 
 
#3 safe77 2012-01-21 15:47
Hi,
joomla 1.7.3, I tried with TinyMCE Editor and with Jce editor.
Made all the setting required like remove "iframe" is forbidden from the list, or make sure I am white list or filtering off etc. but still stripping the code. Also tried to Set Default Editor to Editor - None, but no luck

I really appreciate your prompt reply,

Regards
safe77
 
 
#4 iowawebco 2012-01-21 15:59
Hi Safe77,

Go to Article Manager >> options >> filtering >> turn off filtering for super users.

Kind regards,
Nick
 
 
#5 safe77 2012-01-21 16:27
Hi Nick,
I have done that too!
I tried with TinyMCE Editor :
- In Article Manager option >> Text Filters >> Super Users : Not Filtering
- In Extensions >> Plug-in Manager >> Editor TinyMce >> Basic options Prohibited Elements : cancelled iframe from the list.
Still not working.

After I tried/switched to Jce editor :
In the JCE Control Panel, >> Editor Plugin Parameters >> Default ( in my case) >> Media Support : Allow IFrames is set yes.

Am I missing something?
 
 
#6 iowawebco 2012-01-22 19:41
Did you try with the editor set to "no editor" and filtering disabled in article manager options?

Kind regards,
Nick
 
 
#7 safe77 2012-01-23 05:01
Hi,
I did try also editor set to "no editor" and filtering disabled in article manager options but still not keeping iframe.
I just want to add a google map in to contact form, not other iframe.
Thx
 
 
#8 iowawebco 2012-01-23 15:35
Hi safe77,

We would love to get into a discussion with you on this. If you are a student at OSTraining.com, please log into the support forum (www.ostraining.com/.../) and post the question in there, so that one of our support techs can look into it for you. If you’re not a student, I hope you’ll consider becoming one, so that we can give you the attention you deserve. You can find out more about our online class at www.ostraining.com/online

Kind regards,
Nick
 
