Adsense stripping again?!!!@#$^%

Why is 7.2 stripping the ad-sense completely from the source code input?

Damn, it was such a pain in the ass to manually edit the database for this!

The HTML purifier can be a pain, but If you're just trying to add a new adsense block to a page, try my free Simple Ad Manager module. It can rotate banners, but you can also use it to display adsense blocks.

http://www.boonex.com/m/simple-ads-manager

Are you posting as admin?  If so, HTMLPurifier should not even be in the mix, as admin posts aren't supposed to be passed through it.  That leaves TinyMCE.  Are there specific elements being stripped?  It can probably be corrected by modifying TinyMCE init.

@ Denre: I understand a market vendors need to promote their products. This however, is the bug reports forum, and as such, It may not be the proper place to plug a market product in response to a report of a possible bug.  This of course, is only my opinion and may not represent the views of Boonex management.

i used to do it with switching to html then paste the adsense code

 I appreciate your opinion, however in this case I offer a work-a-round to a reported issue. Not everyone can modify the database or wait for this to be fixed in a next release.

 OK, but the reported issue is source code being stripped from posts made by an admin. This should not happen, and the most likely cause its the TinyMCE editor stripping out various elements when the post is submitted.

Please help me understand how your 'Ads manager module' addresses this particular problem. 

My module does not address the TinyMCE issue, however it does address the issue of adding an adsense block to a page, without getting the code stripped by the TinyMCE editor.

I hope that clarifies things, but if not, we can always discus this somewhere else. After all this is a bugs report forum and all I wanted to do is offer a work-a-round to the reported issue, which is "Adsense stripping again".

There is no mention here of either the TinyMCE editor or HTMLPurifier.  Newton is not a beginner, I think he understands that javascript can not be entered while the TinyMCE editor is active.  I read this as the code was being stripped out while entering it with TinyMCE turned off. However, it could be read using the HTML editor of TinyMCE and if that is the case, then yes, when you save and close out the HTML editor of TinyMCE, it will strip out the javascript code unless you add it as a valid element.  Of course one would want to add more than just the javascript tag because then all javascript code could be added even by the members of the site; which would not be a good thing.

 I know this. I know Newt knows this. I know that you know that Newt knows this.  If however code is posted via the code window via Tinymce, elements not within the specified valid elements will still be stripped out.  That's why I usually add extended_valid_elements: '*' to tinyMCE init for my own sites. 

Perhaps this would be a good time for Newt to elaborate on "source code input".  

OMFG

Ok, guys get a grip...

Denre was trying to help me obviously and to boot, I already own his module.. maybe he was reminding me.

I have figured out the problem I think, like someone cares at this point.

When you want to ad an adsense ad, you need to make sure you click on the HTML Editor link on the bottom left.

 The link for HTML code in the menu ( I guess the Tiny crap) you get stripped. 

Using the link bottom left of the box, sometimes saves, it actually takes a couple times for me.

And don't tell me I'm the only one doing google ads and no one has mentioned this yet.

 I care.  Not so much about adsense code, but the fact that parts of it are being stripped.  If your adsense code gets mutilated, then other  types of code may get the same treatment.  I for one, would like to find out why, and that won't happen by circumventing the problem with some third party module. 

Can you post some problematic 'sample code'?

 LOL, sure..my Adsense code...

<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

<!-- some poll questions -->

<ins class="adsbygoogle"

     style="display:block"

     data-ad-client="ca-pub-6114968783079511"

     data-ad-slot="1581392264"

     data-ad-format="auto"></ins>

<script>

(adsbygoogle = window.adsbygoogle || []).push({});

</script>

Maybe I should produce a video like I always have to do.

I care as well Newton  I have not installed 7.2 yet, keep meaning too but I have other things to attend to.  I do know this, it use to be you could not turn off TinyMCE and get it to stay off; you could turn it off for only the instant you are working on a block  Come back into the admint and go to a block and the TinyMCE would load which would then strip out the code.  We need a way; if it is not already implemented in 7.2, to turn off TinyMCE for a block so we can insert code and then if we need to open that block again it won't load TinyMCE.  If TinyMCE loads and then closes it will strip out the code; so it must not load at all.  What I did was to keep copies of the code in a file knowing that if I needed to make changes to a block that TinyMCE would screw the code if it loaded.

OK, I'm going to try again to explain.

Using this method it's cleaned..

the code is stripped.

 and the last picture method works.

OK, you can not use source code button.  Source code button is a plugin for TinyMCE.  When you save and close the source code of TinyMCE, the contents is sent back through TinyMCE syntax checker before it reaches the editing window thus causing the "clean-up".  Now, you can set a condition for TinyMCE so that it won't strip out such tags as javascript but you must do it so that only adsense code is allow.  See tinymce.com for more information.  If you allow all javascript code then members could add malicious code to your site.

What a waste of ya'll's time..

Sorry.

Not a waste of my time at all.  My problem is going to be converting the things I added to TinyMCE over to the new version; or think about just keeping the current version.  I also would have to convert the image/file manager I installed for TinyMCE storage locations and such to use MoxieManager; that is necessary because my file manager is flash based so MoxieManager will be an improvement.  

 Not at all a waste of time.  TinyMCE, and its source code plugin, is designed to be used as a standalone html editor, that by default, prevents users from posting harmful code.  Script tags, iframe tags, and various other tags are stripped.  All this is not necessary on a dolphin site, because html content posted by standard users is passed through htmlpurifier to remove the bad stuff.  It doesn't need TinyMCE in front of it removing stuff, especially where site admins are concerned.

The solution is to add:

                        valid_elements : '*[*]',

to TinyMCE init in /templates/base/scripts/BxBaseEditorTinyMCE.php

I've attached a copy of this file with this change in two places. I did not change the minimal MCE

Once you change the file, do the usual cache clearing stuff.  This will allow site admins to post whatever code they want to using the source code input of TinyMCE, and it will post essentially unmolested... forum posts, blog posts,... anywhere.  Posts by standard members will be filtered through htmlpurifier to clean up any malicious or invalid code, so I'm pretty sure this change does not introduce a security risk.

The caveat is, that if you post some bizarre code, that fcks up your entire site, you may have to go database diving to delete it.  My position has always been that experienced site admins should be free to fck up their own site any way they damn well please.

I have confirmed that when posting your sample code as a standard member in a forum post, the code is completely obliterated.  When posted as site admin, the code is intact. 

If we allow all valid elements in TinyMCE, then we need to check the parameters in HTMLPurifier to make sure that things are set as we wish.  Go to http://htmlpurifier.org/ to learn more.

The default configuration of HTML Purifier is very secure... they've been at it a long time.  Until someone proves me wrong. I'm 100% confident that allowing all elements and all attributes to pass through TinyMCE, poses no security risks insofar as posts by standard members are concerned.

As I said earlier, the risk is that if an admin posts some bizarre code from outer space, it is possible that it will wreck something, but most likely only the page where the content has been posted.  It is possible that some strange code could make the page unusable, and that the admin will have to directly edit the database to remove the offending code.  In that regard, this is a TinyMCE configuration that should only be used by experienced admins that have no problems with editing databases directly... if that description does not fit you as an admin, then you should just leave things the way they are.

Bottom line as far as this topic is concerned: This is not a bug, and is most likely working as Boonex intended.  Now that I know it's not a bug, I have no  objections to vendors promoting their modules in this topic.

 I agree now I fully understand what post method to choose.

 I had to revisit this.

Your fix did "fix" this issue, but it is NOT working as Boonex intended.

Please watch this video. This was done before I applied your fix above.

http://somepollquestions.com/mymedia/videos/ads/Ads.html

| "but it is NOT working as Boonex intended."

Sure it is.  Boonex intended this to be used by retarded chimps, and retarded chimp don't care if code gets stripped.

I usually entirely remove TinyMCE editor from the html block.  I have always thought it was a stupid place for it, and bitched repeatedly when boonex added it there.  It is there only so all the little weenies that can't be bothered to learn some html basics, can have their little custom block and be proud of themselves.

You know this shit well enough... you should remove the editor as well.  Then you'll never have this problem again.

Oh... and just in case you want to do that, /inc/classes/BxDolPageViewAdmin.php  around line 542

(It seems like every Boonex upgrade patch overwrites the file, so I seem to be constantly doing this)

        if( $aItem['Func'] == 'Echo' ) {
            $aForm['inputs']['Content'] = array(
                'type' => 'textarea',
                'html' => false,
                'html_toggle' => false,
                'dynamic' => true,
//                'attrs' => array ('id' => 'form_input_html'.$iBlockID, 'style' => 'height:250px;'),
                'name' => 'Content',
                'value' => $sBlockContent,
                'colspan' => false,
            );

Hey Houston,

Will your patch work for 7.3?  It's suppose to allow admin to enter code into TinyMCE  without stripping and users to continue to use as normal, right? Thing is, I've downloaded and installed your file but now I don't seem to have any editor whatsoever.  No way to enter code at all, just says html block (no place to enter code anywhere).

I never installed the patch on DL7.2 but it sounds like it worked wonderfully for most folks, but  I'm not sure what's going on with 7.3.  I cleared browser cache and Dolphin cache.  Can anyone verify that patch works on 7.3? Everything else works great but it just seems to take away editor completely with no way to enter code at all.

Any ideas?

Thanks

DivineArc

Use the text block on 7.3 and you'll find that AdSense and all other JavaScript works fine.

Michel on Meta-Travel.com

 First of all, the version of BxDolPageViewAdmin.php attached to the above post, is from version 7.2 and SHOULD NOT  be used with version 7.3  Restore the original file.

To apply this change to the 7.3 version of BxDolPageViewAdmin.php, apply the changes highlighted in red at around line 579

            $aForm['inputs']['Content'] = array(
                'type' => 'textarea',
                'html' => false,
                // 'html_toggle' => true,
                'dynamic' => true,
//                'attrs' => array ('id' => 'form_input_html'.$iBlockID, 'style' => 'height:250px;'),
                'name' => 'Content',
                'value' => $sBlockContent,
                'colspan' => false,
            );

Second, I don't believe you fully understand what this change does. It removes the TinyMCE editor entirely, so that HTML block editing will have only a text box, and nothing typed in the text box will be stripped.

This change is for those of us that find TinyMCE extremely annoying and obtrusive for this particular application, and prefer to use a raw text editor for html code.  If that does not describe you, then you shouldn't use this modification.

Hey Guys,

Thanks a mil for the update.  Everything is SOOooooo much easier now.  I can do way more a whole lot faster.  (Was wondering what that text block was for - makes wayy sense now!)

One more thing while I'm at it: just out of curiosity, H-man you know what functionality

// 'html_toggle' => true,

provides?  Was trying to make it work a while ago before I checked back and found the replies.  Anyway, I kinda over implemented the same solution you outlined.  In addition to the rest, I changed

// 'html_toggle' => true,

to

'html_toggle' => false,

Everything seemed to work fine, but I'm wondering if there is maybe some unknown functionality it may have disturbed?

Anyway, everything's super now.  I switched all back to normal and am making great use of that text block.  ...just wanted to know for my own personal growth. 

Thanks again guys

DivineArc

This one worked for me. Is there anything that "speaks" against this solution?