Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  • 0
Angstony_2

Why do CMS page updates strip 'rel' attributes out of scripts?

Question

First some background:
I've been working on creating a CMS picture gallery using this tutorial as a starting point. I've got it working nicely – and responsively too (except in IE) – by using css grid in custom code rather than a table, but I want fancybox to display as a slideshow so I need to add a rel="group" attribute to all of the a-links, but they're getting stripped out after saving the page.

Now I've actually managed to work around this by editing the content column directly in the database – yes, I know the risks – and it works perfectly well as far as I can tell. So my question is, why are they stripped out by design and what might the consequences of my workaround be?

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0

Thanks @lesley that was it. But now I'm curious: what does the html purifier do on TB and what are the consequences or disabling that?

Share this post


Link to post
Share on other sites
  • 0

Basically it strips some things out of the html so that it is safer and also reorganizes some things as well. It helps keep people from breaking things basically.

Share this post


Link to post
Share on other sites
  • 0

Hmm… so what does that make the site vulnerable to? Mistakes by me, errors in underlying code, or malicious external attacks?

Share this post


Link to post
Share on other sites
  • 0

Mistakes by you and any modules that use the tinymce on the front end, depending on how they are programmed. There are not any that I can think of though off the top of my head, but I am sure there are some out there.

Share this post


Link to post
Share on other sites
  • 0

Okay, thanks. I can live with that for now. If I do decide to re-enable it at some point at least I know that editing the database field directly won't do any harm.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...