Strange code auto-inserted in the FCKeditor.

Events happening in the community are now at Drupal community events on www.drupal.org.
opegasus's picture
Posted by opegasus on September 17, 2010 at 10:54pm

Last night Andy Laken was graciously helping me with some brain lock-ups I was encountering on my Drupal site build. During the course of his explanations he discovered one of the issues I had a note to ask about.

I have FCKeditor installed as the WYSIWYG editor for the site. I noticed strange little boxes always being added to the bottom of each text field and that happened each time I opened and edited a Page or a Story, didn't matter. The little squares (in the WYSIWYG mode) looked like the kind of squares one sees when an imgae didn't load in the older browsers.

Upon switching to the plain text editor I noticed a string kept being added either every time I opened or saved the page-editor. This was the string:

<!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy">

So after a few edits each node had something like this:

<!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy"><!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy"><!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy"><!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy"><!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy"><!--Session data--><input type="hidden" onclick="jsCall();" id="jsProxy">

Okay well after much pondering I searched and found a node that, in short, had an entry where one person explained the issue (generally) and then the steps to cure it.

I will just copy/paste that users answer. BTW, it worked!

Double BTW, make sure when you go to follow the steps you export your Bookmarks to a safe folder so you can import them later.

The software the post suggests is commercial but there is also a free 30day full version trial.

Problem is in browsers - remove and reinstall
ISchier770 - April 29, 2009 - 08:27

BS"D

I finally solved the problem in Firefox which in my case was the only browser that was inserting the malicious code.

What I had to do was to use Revo Uninstall http://www.revouninstaller.com and thoroughly remove Firefox including all registry entries before downloading Firefox again and reinstalling it. This should solve the problem for all browsers except IE which cannot be uninstalled with Revo.

As an aside, I had serious problems even opening IE and what I did was to use Revo to get rid of Silverlight. This solved the problem; the 2 browser problems may have been related or it may have just been coincidence.

Comments

WYSIWYG is of the Devil

Posted by scottrouse on September 17, 2010 at 11:18pm
scottrouse's picture

WYSIWYG editors are notoriously annoying and hard to configure properly (note the lack of WYSIWYG on the Groups.Drupal.org site). When I'm editing content, I'm almost always doing it in straight HTML. The problem, of course, is that I don't get paid to build websites people like you and I can manage. I get paid to build sites which are manageable by mere mortals...nay, mere simpletons.

So, here are my thoughts, in no particular order, as they relate to WYSIWYG in Drupal:

  • The older single WYSIWYG modules such as TinyMCE, FCKeditor, and others are generally considered deprecated (exceptions apply, of course). It is now common practice to, instead, install a single helper module, called "Wysiwyg", and then add to that whatever helper libraries, or "editors", you desire (TinyMCE, FCKeditor, etc, etc). Keep in mind that is different from just installing the "TinyMCE Module."
  • Speaking of TinyMCE, in my testing, I've been happiest with the output from that editor. So, though you're in no way going astray with other choices, I recommend adding the TinyMCE editor to the Wysiwyg module.
  • If you have more than one role editing content on your site (in other words, it's not just you), I highly recommend adding in the Better Formats module for more fine-grained Wysiwyg configuration.
  • I find it works best with most clients to limit the functionality of the WYSIWYG editor as much as possible. In other words, don't just enable every possible button the editor provides. If they only really need to be able to make bold and italic text, bulleted and numbered lists, just give them those options. That's it. Nothing more.
  • And finally, is WYSIWYG is of the Devil, Microsoft Word is surely some sort of uber-satanic being. I kid, of course, but it's important to prepare your clients (and yourself) with the knowledge that a simple "copy and paste" from Word (and other similar word processing programs) will typically introduce some strange, hidden code into your site. Though not necessarily malicious, be on the lookout for the occasional <!--StartFragment -->. Some WYSIWYG editors offer a Paste from Word option which tries to clear up that (and other) issues, but it's not perfect. You may have to view the source code to clean it up manually.

Best,
Scott

Scott Rouse
http://about.me/scott.rouse

WYSIWYG is of the Devil II

Posted by opegasus on September 18, 2010 at 12:41am
opegasus's picture

Thanks Scott,

Great full explanation...

Well in all honesty I am one of those simpletons. :-D I like the idea of highlighting and selecting predetermined (themed) CSS and all that. It shortens steps (not always a good thing) and keeps styling in line with the theme, already mentioned. Yep, I hear you now, using the HTML will use the CSS from the theme.

Now my second admission, typing is not my forte so it may mean a closed door to actual coding beyond copy/paste. :-(

Personally I had mucho difficulty in setting up libraries for the WYSIWYG module for editor storage. Each editor had it's own 'special' PTF and what was nested where, etc. I never got one to fully work without errors turning my upper screen red-pink for a few lines.

Granted throwing one's hands up after a day of frustration and installing just the FCKediter is not the best answer...but it works for now.

I must say I agree with all the logic you shared. Had I been able-capable of nesting the files (oh, I did try many versions-hierarchy's of nesting-PTF) the injection scripting I commented about earlier still would have been a potential issue. Apparently others had a FireFox-script injecting issue with the editors-FCK was the main one commented about though. One or two had injection issues with IE but none with Chrome or Safari-odd. I checked in IE-Safari & Chrome and they did not inject so I narrowed it down to FireFox.

Thanks and one quiet day I will attempt to solve the editor library file thingy and switch. For now at least, I have one working and the site beckons along with all the trainings of these modules. :-D

Western Montana

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.