[Solved] Please help: Stop TinyMCE from Removing Type Attribute on Script tag

[Acer]

Hi

I've been battling with this one for a while now and no matter what I've tried, TinyMCE keeps on removing the type attribute from the Script tag 🤨
 

<script type="text/javascript"> becomes <script>

I've tried setting 

valid_children: "+*[*]",
valid_elements: "*[*],script[src|type]",
cleanup: false,
apply_source_formatting: false,
verify_html: false,

And tried many other settings, and even though I can make it accept Style Tags with Type attribute - no matter what I try the darn thing doesn't want to accept Script Type=""
(HTML Purifier is off bytw)

Can someone please help with this one?

 

Edited October 22, 2019 by Theo

[Acer]

1 minute ago, datakick said:

You are right, type='text/javascript' is indeed stripped. That's probably because in HTML5 'text/javascript' is the default type for script tags. Type attribute is optional and should be omitted if script is text/javascript.

So, the correct way to declare scripts in html5 is simply <script> and not <script type='text/javascript'>. This is probably why tinymce strips the type when it is equal to default value. I would say it's nothing to worry about, since there is no functional change

Wow. What a mission... 😓
The thing is I needed to check if a JavaScript block with a type attribute would be accepted first, as I will be adding JS to the page in some cases. 
This would then confirm to me that I can then adjust the script block type attribute and try Google Schema afterwards as a test, which does require "type".
When the type attribute kept on being stripped out on my "does it accept Javascript type attribute with javascript/text" test, I kept on trying to fix it and was sent on this long mission...
Phew. Thanks for the clarification and patience.

My next question is why does your CMS accept the script tag without (I presume) changes to the Classes/Validate.php file?
 

[datakick]

I suggest you try to ask this question on some TinyMCE forum

[Acer]

13 minutes ago, datakick said:

I suggest you try to ask this question on some TinyMCE forum

Um - are you saying that no one here has encountered this one?

Besides the TinyMCE in TB (from what I can gather) could be as old as the mountains - so pretty sure not going to help here.
Also, I've been through the TinyMCE forums + Google + StackOverflow - and nothing I'm trying is working...
I'm continuing to look however.
Hopefully one of you guys have the answer.
 

Edited October 22, 2019 by Theo

[datakick]

6 minutes ago, Theo said:

Um - are you saying that no one here has encountered this one?
Besides the TinyMCE in TB (from what I can gather) could be as old as the mountains - so pretty sure not going to help here.
Also, I've been through the TinyMCE forums + Google + StackOverflow - and nothing I'm trying is working....
I'm continuing to look however.
Hopefully one of you guys have the answer.
 

First of all, I wonder why would anyone wanted to inject scripts via tiny editor. It's very dangerous to open this functionality. For example, when you copy and paste some text from some web page you can unknowingly copy some <script> tag with it. This is a can of worms... 

But if you are adamant to do this, who am I to argue with you, right 🙂

I googled this and found the answer in the very first stack overflow question. You need to use

extended_valid_elements: 'script[language|type|src]'

Tested, works correctly in thirtybees.

[Acer]

3 minutes ago, datakick said:

First of all, I wonder why would anyone wanted to inject scripts via tiny editor. It's very dangerous to open this functionality. For example, when you copy and paste some text from some web page you can unknowingly copy some <script> tag with it. This is a can of worms... 

But if you are adamant to do this, who am I to argue with you, right 🙂

I googled this and found the answer in the very first stack overflow question. You need to use

extended_valid_elements: 'script[language|type|src]'

Tested, works correctly in thirtybees.

Hi
Actually, I tried this one and it does not work (lol) - have you checked view source? 
Just because the console.log or alert comes up doesn't mean the type wasn't stripped...

Also, the reason why is for new Google FAQ Schema code - that has to be on the page and it takes <script type="json">.
And no, it doesn't work with Tag Manager - so no on that one.
 

[datakick]

It does work:

1) source

2) Rendered page

[Acer]

Just now, datakick said:

It does work:

1) source

2) Rendered page

Curious...

Please copy paste your tinymce.inc.js here so that I can try with your version. Thanks
 

[datakick]

  window.default_config = {
    selector: ".rte",
    plugins: "colorpicker link image paste pagebreak table contextmenu filemanager table code media autoresize textcolor anchor directionality",
    browser_spellcheck: true,
    toolbar1: "code,|,bold,italic,underline,strikethrough,|,alignleft,aligncenter,alignright,alignfull,rtl,ltr,formatselect,|,blockquote,colorpicker,pasteword,|,bullist,numlist,|,outdent,indent,|,link,unlink,|,anchor,|,media,image",
    toolbar2: "",
    external_filemanager_path: ad + "/filemanager/",
    filemanager_title: "File manager",
    external_plugins: { "filemanager": ad + "/filemanager/plugin.min.js" },
    language: iso,
    skin: "prestashop",
    statusbar: false,
    relative_urls: false,
    convert_urls: false,
    entity_encoding: "raw",
    extended_valid_elements: "em[class|name|id],script[language|type|src]",
    valid_children: "+*[*]",
    valid_elements: "*[*]",
    menu: {
      edit: { title: 'Edit', items: 'undo redo | cut copy paste | selectall' },
      insert: { title: 'Insert', items: 'media image link | pagebreak' },
      view: { title: 'View', items: 'visualaid' },
      format: {
        title: 'Format',
        items: 'bold italic underline strikethrough superscript subscript | formats | removeformat'
      },
      table: { title: 'Table', items: 'inserttable tableprops deletetable | cell row column' },
      tools: { title: 'Tools', items: 'code' }
    }
  };

 

[Acer]

Ok, this is just plain weird. Still not working on this side. Going to dig a bit deeper - maybe has something to do with Vekia's extended editor changes.
Going to revert and give feedback later.

[datakick]

Right, this does work on vanilla thirtybees installation. If you have other modification it can have conflicts.

[Acer]

40 minutes ago, datakick said:

Right, this does work on vanilla thirtybees installation. If you have other modification it can have conflicts.

How Vanilla is your Vanilla installation really?

Because I've reverted to Vanilla and it does not allow me to insert Script tag in CMS editor - it gives the following error "the content type is invalid".
And does not save the page.
The only way to make this go away is by changing Classes/Validate.php and either commenting out the script part (under CleanHTML) or by gutting that entire block completely.

Can you please double check what files have been changed on your side? and if so, please share contents in full.

Edited October 22, 2019 by Theo

[datakick]

As vanilla as it gets.

$ git status
On branch 1.1.x
Your branch is up to date with 'upstream/1.1.x'.

And you are correct - in order to actually save the content to database, you need to ensure that the column is not validated using 'isCleanHtml' validator. This one does not allow saving <script> tags. Some columns are using this validator (like content in cms pages), some are not (blog content).

But this has nothing to do with your question as it's not related to tinymce config at all. 

[Acer]

In a way it is related, because if Classes/Validate.php is not modified, then the TinyMCE configuration to accept the script tag will not work.
Also, I'm running on the "release version" of TB 1.1.0 - direct download from the site (not GitHub).

This is frustrating as it's still not accepting the script type attribute, and I've tried everything here so far. Been at it for hours since yesterday...

• Vanilla TB 1.1.0
• No HTML purifier in Admin BO -> General
• Added "extended_valid_elements" to TinyMCE
• Eventually copied relevant section from your TinyMCE
• Had to comment out Classes/Validate.php CleanHTML script (for the CMS to accept the script tag)

And still... not working... ?

Edited October 22, 2019 by Theo

[Acer]

Ok. Getting closer...

It seems that your example <script type="xxx/yyy"> works...
However, that is not the correct way of declaring JavaScript, as it's normally done with <script type="text/javascript">
That explains why your example is working and mine is not because I declared it with "text/javascript"
For some reason if it has type="text/javascript" - it gets stripped out. Maybe you can try this on your side?
Also, once again you'll need to modify the Classes/Validate.php file for the script tag to be accepted in the CMS system.
Not sure why it was working on your side without this change to the file?

Also, I've tested the actual Google FAQ schema code that is declared with <script type="application/ld+json"> and it works...
However, this still doesn't explain why <script type="text/javascript"> doesn't work?

Maybe you can provide an explanation / solution for this?

Edited October 22, 2019 by Theo

[datakick]

You are right, type='text/javascript' is indeed stripped. That's probably because in HTML5 'text/javascript' is the default type for script tags. Type attribute is optional and should be omitted if script is text/javascript.

So, the correct way to declare scripts in html5 is simply <script> and not <script type='text/javascript'>. This is probably why tinymce strips the type when it is equal to default value. I would say it's nothing to worry about, since there is no functional change

[datakick]

3 minutes ago, Theo said:

Wow. What a mission... 😓
The thing is I needed to check if a JavaScript block with a type attribute would be accepted first, as I will be adding JS to the page in some cases. 
This would then confirm to me that I can then adjust the script block type attribute and try Google Schema afterwards as a test, which does require "type".
When the type attribute kept on being stripped out on my "does it accept Javascript type attribute with javascript/text" test, I kept on trying to fix it and was sent on this long mission...
Phew. Thanks for the clarification and patience.

🙂 the life of a developer in a nutshell

3 minutes ago, Theo said:

My next question is why does your CMS accept the script tag without (I presume) changes to the Classes/Validate.php file?

I temporarily changed the validator for the column from 'isCleanHtml' to 'isString' --> classes/CMS.php

[Acer]

2 hours ago, datakick said:

🙂 the life of a developer in a nutshell

I temporarily changed the validator for the column from 'isCleanHtml' to 'isString' --> classes/CMS.php

Lol - indeed 😕😅

Thanks again for the clarification and patience.

Edited October 22, 2019 by Theo

[Acer]

2 hours ago, datakick said:

🙂 the life of a developer in a nutshell

I temporarily changed the validator for the column from 'isCleanHtml' to 'isString' --> classes/CMS.php

Changing the validator doesn't exactly make it "Vanilla" then? 😋

Edited October 22, 2019 by Theo

[the.rampage.rado]

Very tangential question but I believe no need for new thread as it's just a question, not high priority.

• when inserting a script in Custom code it get added type='text/javascript' which is not needed in HTML5
• same when adding

  <br>

  in Product/CMS text fields it's corrected to

  <br />

• many native modules and some of my theme files have void elements ending with ...../>

So is TB targeted to be HTML5 or it's keeping some compliancy with XHTML? I was unable to find information about that.

PS - I know all are not 'errors' per se but if TB targets only HTML5 compatibility could we correct those?