-- HansHeider - 13 Nov 2011
Enabling the SafeWikiPlugin in Foswiki 1.1.3 results in the display of the error message "Unable to install TinyMCE? : could not read "TINYMCEPLUGIN_INIT" from FoswikiTiny? .init" every time one tries to edit a topic with the TinyMCEPlugin.
Disabling the SafeWikiPlugin resolves the issue, but of course disables the protection offered by the SafeWikiPlugin.
According to a IRC chat with CDot: "bottom line is, there is a known problem with the TinyMCE? editor when used with SafeWikiPlugin. At this time the only workaround is not to use one or other of the plugins".
-- HansHeider - 13 Nov 2011
The problem is that TinyMCEPlugin uses an inline
Version 2.0.0 works on trunk and Release01x01 with default configuration. -- CrawfordCurrie - 05 Feb 2012
<script>FoswikiTiny.init = { ... json ...};<script> to get settings out of Foswiki and into the TinyMCE editor.
One possible solution is to make the settings load via URL.
I've attached patches, which are also available on github at
-- PaulHarvey - 13 Nov 2011
We can't allow inline script in an SWP environment because anybody can use the ADDTOZONE or ADDTOHEAD macros to add arbitrary inline script to the head/script zones.
-- PaulHarvey - 13 Nov 2011
Right - and it's difficult to mark selected JS as "OK", because JS can be injected from a variety of sources.
On that note, it might be possible to distinguish between script injected using ADDTOHEAD and that injected using methods in the core. SWP could be trained to strip only script
that comes from an "unsafe" source (c.f. tainted)
-- CrawfordCurrie - 28 Nov 2011
Version 2.0.0 works on trunk and Release01x01 with default configuration. -- CrawfordCurrie - 05 Feb 2012
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. 
