Return to Jive Software

Up to Discussions in Developers
4,927 Views 29 Replies Last post: Aug 5, 2009 10:21 AM by Todd West RSS
Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated

Feb 12, 2009 2:08 PM

RTE strips away <param> values

Below are the steps to reproduce it,

 

1) Create a new discussion (in any group) or reply to existing question.

 

2) In the editor go to the HTML view

 

3) Paste the following in between the <body> </body> tags.
    <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="800" height="663" id="authoring" align="middle">
    <param name="allowScriptAccess" value="sameDomain" />
    <param name="allowFullScreen" value="false" />
    <param name="movie" value="http://www.chalk.com/mcds/authoring.swf" />
    <param name="quality" value="high" />
    <param name="bgcolor" value="#f4f4f4" />   
    <embed     src="http://www.chalk.com/mcds/authoring.swf"
          quality="high" bgcolor="#f4f4f4" width="400" height="300" name="MCDS 320x240" align="middle"
        allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash"
        pluginspage="http://www.macromedia.com/go/getflashplayer" />
    </object>
4) Switch back to "Show Full Editor" view.

 

5) Go back again to "HTML" view.

 

6) You will see the following code,
    <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="663" width="800">
<param name="id" />
<param name="align" />
<param name="allowScriptAccess" />
<param name="allowFullScreen" />
<param name="quality" />
<param name="bgcolor" />
<param name="src" /><embed width="800" height="663" src="http://www.chalk.com/mcds/authoring.swf" quality="high" bgcolor="#f4f4f4" type="application/x-shockwave-flash" allowfullscreen="false"></embed>
</object>

 

7) It looks like clearspace is stripping off all the parameter values !! (so the flash content wont be visible)

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 2:15 PM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

I don't think that this is what is causing the flash video to not load, but it might affect the way it looks. Try this to get the flash video to load:

 

  1. Open the up the admin console
  2. Navigate to Spaces -> Settings -> Filters and Macros
  3. Click on Settings for the HTMLFilter
  4. Modify the list of allowedDomains to include your video site URL's:

    youtube.com, dailymotion.com, veoh.com, vimeo.com, google.com, chalk.com

  5. Save these settings
  6. Go create a new document, discussion, etc
  7. Click on the >> button in the RTE and click on "Insert Raw HTML"
  8. Copy your embed code for your video and paste it into this box
  9. Save your document, discussion, etc and everything should be displayed!

 

 

Thanks.

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 12, 2009 2:29 PM in response to: Todd West
Re: RTE strips away <param> values

Todd,

 

Thanks for the quick response.  Your suggestion worked. Is this the proper way to embed a flash file?  Normally, is a user not suppose to embed the flash file directly into the RTE?

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 2:30 PM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

Embedding flash files into the RTE is perfectly fine. We just disallow it by default to prevent any possible security issues. We like to keep everything as locked down as possible from the start and users can unlock it as they see fit. Thanks!

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 12, 2009 3:20 PM in response to: Todd West
Re: RTE strips away <param> values

Todd,

 

What I meant was should a user always embed flash files through the RAW HTML method or are should a user be able to embed flash files through the HTML view of the RTE?

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 3:22 PM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

Ah, I see. It should work either way I believe. The insert RAW HTML just seems like the easiest in most cases cause it allows to move it around/remove it easiest. Thanks.

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 12, 2009 3:28 PM in response to: Todd West
Re: RTE strips away <param> values

Thanks Todd. So it sounds like the method to imbed a flash file through the HTML view does not work correctly since it strips the <param> values away. Will a defect be filed for this?

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 3:36 PM in response to: Joey Chen
Re: RTE strips away <param> values

Does the Insert Raw HTML macro strip out param tags as well? This might be done on purpose.

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 12, 2009 3:44 PM in response to: Todd West
Re: RTE strips away <param> values

The RAW HTML does not strip out the <param> tag values which is why I am able to load the flash in RAW HTML but not normally through the RTE HTML view.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 4:01 PM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

I'll have to consult with our engineering team here. This might have been a design decision to have it function this way. Thanks.

 

-Todd

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 12, 2009 4:25 PM in response to: Todd West
Re: RTE strips away <param> values

Hey Joey,

 

This is by design. The Insert Raw HTML macro was designed for this exact purpose. The HTML tab of the RTE runs through JTidy to make sure that all of the HTML is safe and will not harm the output in the RTE. The Raw HTML macro protects the RTE from this automatically and does not strip out the tags. Hopefully that makes sense. Thanks.

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 12, 2009 5:18 PM in response to: Todd West
Re: RTE strips away <param> values

Thanks for the clarification Todd.

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 27, 2009 11:20 AM in response to: Todd West
Re: RTE strips away <param> values

An observation was noted that after our Clearspace upgrade to 2.5.7, the flash video that was embedded via RAW HTML does not display anymore.  However, I noticed that it does display in FF but not in IE6.

 

Any idea why this flash file is not displaying in IE6?

 

Thanks.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 27, 2009 10:40 AM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

This was a tough one to track down. It appears that we added some code in 2.5.7 to protect against possible code execution and this has broken flash videos on IE6. The reason for this is we strip out the classid (which shouldn't be neccesary anyways) but for some reason IE won't display without it. We realize this can be a critical issue for some people so we have put this fix into 2.5.8. The Bug ID for this issue is CS-12002.

 

Please let me know if you have any questions. Thanks.

 

-Todd

Will Findlay Novice
Will Findlay
21 posts since
Mar 24, 2009
Currently Being Moderated
Mar 24, 2009 2:45 PM in response to: Todd West
Re: RTE strips away <param> values

Thank you for clarifying this as a bug. I'd also suggest that object embedded SWF files hang while loading in Internet Explorer 7 as well as 6.

 

As to the cause, I think that the main problem is that the classid is not completely stripped out of the object tag when the page is rendered. The classid paramater goes from classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" to classid="#"

 

I think that IE hangs because it doesn't know how to interpret a classid of "#". (The codebase param is also reduced to codebase="#", but this doesn't seem to be an issue).

 

If we edit the object tag and completely remove the classid param, the SWF no longer hangs. This isn't a viable solution though because it would require fixing the embed code for almost every embedded video in our site, and even if we did, according to Adobe it appears to be recommended to include classid (though I'm not sure why):

 

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_12059&sliceId=2

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_4150

 

We also found that if we add a type parameter instead of deleting the classid param that this also would solve the problem (e.g. type="application/x-oleobject" for example).

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Feb 27, 2009 11:20 AM in response to: Joey Chen
Re: RTE strips away <param> values

Thanks Todd. I'll keep this case open until I can test for the fix in 2.5.8.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Feb 27, 2009 11:25 AM in response to: Joey Chen
Re: RTE strips away <param> values

Hey Joey,

 

Sounds good. Just let me know once you are able to test this out. Thanks!

 

-Todd

Will Findlay Novice
Will Findlay
21 posts since
Mar 24, 2009
Currently Being Moderated
Mar 25, 2009 12:32 PM in response to: Todd West
Re: RTE strips away <param> values

Is this resolved? If so, in which new version?

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Mar 25, 2009 1:19 PM in response to: Will Findlay
Re: RTE strips away <param> values

This has been fixed as of 2.5.9. Thanks!

 

-Todd

Kathy Cox Novice
Kathy Cox
241 posts since
Jan 9, 2009
Currently Being Moderated
Apr 15, 2009 5:58 PM in response to: Todd West
Re: RTE strips away <param> values

Also fixed in 3.0?

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Apr 15, 2009 6:20 PM in response to: Kathy Cox
Re: RTE strips away <param> values

Yep! Any bug that has been fixed for 2.5 is fixed for 3.0 as well (if it still applies). Thanks.

 

-Todd

Will Findlay Novice
Will Findlay
21 posts since
Mar 24, 2009
Currently Being Moderated
Jun 25, 2009 2:56 PM in response to: Todd West
Re: RTE strips away <param> values

I am testing in 3.0.2 and classid is being stripped when using Insert Raw HTML. Did this classid restriction creep back into the code?

Kathy Cox Novice
Kathy Cox
241 posts since
Jan 9, 2009
Currently Being Moderated
Jul 1, 2009 7:35 AM in response to: Will Findlay
Re: RTE strips away <param> values

The Param type is gone.  Pasted the code from Sam's original post into our 3.0.2 version in UAT and went to Full Text and back to HTML.  See the below for result.

 

<body><p>
<object align="middle" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" height="663" id="authoring" width="800">
</object>
</p></body>

 

Should this be resolved in 3.0.2?

Kathy

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Jul 1, 2009 7:48 AM in response to: Kathy Cox
Re: RTE strips away <param> values

Hey Kathy,

 

You'll need to use the "Insert Raw HTML" macro in order for the param values to stay. I don't believe this will work if you paste it into the HTML view. Thanks.

 

-Todd

DaveNixon Novice
DaveNixon
109 posts since
Apr 2, 2009
Currently Being Moderated
Jul 1, 2009 9:45 AM in response to: Todd West
Re: RTE strips away <param> values

This does work correctly if you use the "Insert Raw HTML" macro!

 

It fails miserably if you use the HTML view!

 

I suppose this is a very advanced function and that the average user will not even attempt this.  It would be nice though if the HTML view worked a bit better.

If you paste the code into the HTML view and return to "Show Full Editor" you actually see the video, but once you return to HTML view, the code gets stripped out and upon return to the Full Editor, the  video link is broken.

 

An interesting behavior is that if you successfully insert the video by using the "Insert Raw HTML" macro... you can go back in through the HTML view and make minor changes to the code and it still works!  So it seems like there may be some type of bug in the HTML View mode where it can't handle the code during the initial create but can handle it in update.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Jul 2, 2009 3:52 PM in response to: DaveNixon
Re: RTE strips away <param> values

Hey Dave,

 

Yeah, elements within the Raw HTML macro are treated differently and not escaped like the regular HTML that is entered in other locations. This is used for a few different reasons but is really good because it allows you to move around your HTML code and modify it from the Rich Text view without having to go in and search through the other HTML. This is the intended functionality of the HTML Macro and HTML view as I understand it. Thanks!

 

-Todd

Joey Chen Novice
Joey Chen
231 posts since
Sep 19, 2008
Currently Being Moderated
Jul 27, 2009 2:03 PM in response to: Todd West
Re: RTE strips away <param> values

Todd,

 

When I use the "Insert Raw HTML" option to embed a flash object, it does not seem to work in our UAT (3.0.x) or PROD(2.5.7) instance. This is the following code I placed inside the RAW HTML field.

 

  <object>
    <embed     src="http://forthill.mobilerider.com/embed/small/918/16759/"
          quality="high" width="573" height="448"
        allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash"
        pluginspage="http://www.macromedia.com/go/getflashplayer" />
    </object>

 

I see a white box but nothing displays.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Jul 27, 2009 2:07 PM in response to: Joey Chen
Re: RTE strips away <param> values

Hi Joey,

 

You'll want to be sure that you add mobilerider.com to the list of allowed domains here:

 

Admin Console -> Spaces -> Settings -> Filters and Macros -> HTML Filter -> Edit -> Allowed Domains

 

 

Thanks.

 

-Todd

DaveNixon Novice
DaveNixon
109 posts since
Apr 2, 2009
Currently Being Moderated
Aug 5, 2009 10:15 AM in response to: Todd West
Re: RTE strips away <param> values

Todd,

It doesn't make sense to me that I can use one function to successfully insert HTML and then when I use another function to view the HTML I just inserted, the HTML is not displayed as it was entered and persisted.

 

Can this be corrected?   This is causing confusion to our end users.

Todd West Jive Employee
Todd West
15,918 posts since
Jul 14, 2008
Currently Being Moderated
Aug 5, 2009 10:21 AM in response to: DaveNixon
Re: RTE strips away <param> values

Hey Dave,

 

I believe this is actually the intended behavior and why we created the Raw HTML macro. The HTML tab is best used for adding specific HTML for styles, formatting, etc but not for complex HTML such as this. When you use the filter is makes sure not to strip out specific things that embed code might need to display. It also makes it easier because our RTE currently has no way of displaying this content in-line. When you have it within a Raw HTML macro you can view and edit the HTML within the RTE. Some of this functionality should hopefully be improved in our 4.0 release as well, there are a few things that we have been considering. Hope that helps. Thanks.

 

-Todd

More Like This

  • Retrieving data ...

Bookmarked By (0)

Case Product Issues

Loading Jira issues

Loading related product issues for this case
To better serve our customers we have included functionality to automatically follow up on a case after it has been idle for more than 5 days, and then auto close after an additional 3 days of inactivity. Choose No to acknowledge that this case will remain idle for longer than 5 days.
Making cases public allows other customers to learn from the solution of the case. It can also be used to gain feedback from others in the community. Ask our Support Engineers for more info, but we encourage you to make your cases public.