[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

The tags are also showing in the Coupon Description (customer can see) of a newly created Discount Coupon. I am using CKEditor.

Quote:

---

Originally Posted by p1lot

Well,

I use a lot of HTML tags in my define pages as well as in my product descriptions.

And all < and >'s turn into &lt; or &gt;.

I fixed it already for the define pages, not for the product previews though.

Here the fix for "admin/define_pages_editor.php":
I added line 77 -> http://pastie.org/1191676

---

I did change all lines and the problem was solved.. Thanks

I had the same problem, followed Linda's instructions. Bingo all fixed. Thanks Linda!

Linda, you're heaven sent. Thank you, Thank you, Thank you. I've been the whole morning trying to figure out how to sort it out this problem, until I saw your post. Thank you!!!

Linda,

I did what you wrote and it worked II guess to a point. In the define pages editor and some ez pages that have html instead of an external or internal link it works

However in the product description pages I set the wording and it appears fine....click preview button and I see all the htm coding inserted within....yet the actual page is displaying normally on the store.

I have a couple of admns that will freak when they see the code like the product description and newsletter section. they will think that the customers will see this too.

Is there something to add to the code to stop the preview from not displaying what it will actually look like.

btw, I use CKEditor

Quote:

---

Originally Posted by DarkAngel

Linda,

I did what you wrote and it worked II guess to a point. In the define pages editor and some ez pages that have html instead of an external or internal link it works

However in the product description pages I set the wording and it appears fine....click preview button and I see all the htm coding inserted within....yet the actual page is displaying normally on the store.

I have a couple of admns that will freak when they see the code like the product description and newsletter section. they will think that the customers will see this too.

Is there something to add to the code to stop the preview from not displaying what it will actually look like.

btw, I use CKEditor

---

answered in this post

thanks clyde, I will tell all admins inall stores that they will see this and that it is not going to show up in the store as is seen.

It does look awful and maybe at one time that will be fixed....preview may not be as important as the actual page---if they put formatting in there it is great to actually see what it will look like, as it did before.

This is only a problem in preview whilst in admin right? So as I don't use any html editors at all I can just skip this whitelist file entirely?

Also- security wise does it make a difference having a whitelist file? In other words does it open a site up to any higher risk of XSS attack?

If no is answer to second question, then I shall add it. Thanks.

Quote:

---

This is only a problem in preview whilst in admin right? So as I don't use any html editors at all I can just skip this whitelist file entirely?

---

No, you will still see code in the admin preview if you do not add the whitelist you will also see it on the frontend

If you can put up with the pain a tiny bit longer then you may be able to avoid whitelisting altogether with v1.3.9h. We're working on a more convenient option which may make life simpler for everyone.

In the meantime, if you aren't entering any HTML code or encoded text like &amp; via your admin, you won't need to whitelist anything further. If you *are* entering such content then whitelisting will be needed in the meantime.