2 posts Page 1 of 1
Hi there,

I would like to use a richtext editor in a frontend form. I understand that this is not possible because of security reasons. The form is not accessible for non logged in users though. We trust all users (they are created by admins and have a similar role in the project).

Hi,

There are a few threads (e.g. viewtopic.php?f=4&t=7721) that show we can display all editable regions on the frontend *provided* we take care of explicitly adding the JS/CSS components used by those regions.

While that general principle still holds, the solution given in those threads for the 'richtext' region is for the older v1.4 version of Couch, so I'll lay down the revised solution for you here that should work with Couch v2.x+.

Please add the following in the <HEAD> section of your template -
Code:
<head>
    <script type="text/javascript">
        window.CKEDITOR_BASEPATH='<cms:show k_admin_link />includes/ckeditor/';
    </script>
    <script type="text/javascript" src="<cms:show k_admin_link />includes/ckeditor/ckeditor.js?v=<cms:show k_cms_version />"></script>
</head>

Just by that addition, you should see CKEditor being displayed on the front-end.

However, there are a couple of points more to consider -
1. By default, Couch treats all data-bound regions as untrusted and so applies more rigorous security checks to the contents submitted through them. In the case of 'richtext', this will allow only a strict subset of HTML tags to be inputted.

Since your users are trusted, please override this behaviour by adding trust_mode='1' to the inputs e.g.
suppose 'my_richtext' is the editable region being used in the DBF as follows
Code:
    <cms:input name='my_richtext' type='bound' />

please make it
Code:
<cms:input name='my_richtext' type='bound' trust_mode='1' />


2. Even with the trust mode on, as we did above, while trying to add an image to the content, the user won't be able to browse the images stored on your server unless she is an admin or super-admin (the KCFinder window will show up blank for non-admins).

If you are absolutely sure you can trust your users enough to allow them full access to the browser, please use the solution given in the following thread - viewtopic.php?f=4&t=9057

Hope this helps.