How Can I Give Customer Use Of Wysiwyg Editor (Eg Tinymce)?

Admins and vendors (in Multivendor) can use wysiwyg editors to enter rich text.

But for some reason this is not available to customers. How can I allow 's for customers that present a wysiwyg editor?

For example, it would be nice if customers could use wysiwyg editors for their product reviews, or if vendors could use wysiwyg to provide their company description when they register.

How is the wysiwyg editor functionality turned off for customers? Why is it turned off? How can I turn it on?

All data entered by customers is sanitised due to security reasons.

Yes - I understand that. I am asking how to turn off that sanitising. Do you know where in the code the wysiwyg is disabled?

I also have 300 customers who are vendors who are not sanitised in the MV edition.

There are better ways to sanitize HTML other than completely disabling it.

It doesn't make sense - so I want to enable it for my customers. I will handle sanitizing the HTML myself.

This feature is added for security reasons. To disable it, you can set the 'sanitize_user_html' tweak in the config.local.php file to false.

Unfortunately there is no easy way to enable this feature. You should include the editor files in the store-front, add the cm-wysiwyg class to all required textarea elements in the templates, use the fn_trusted_vars function in PHP controllers, etc.

Many thanks for your responses.

In fact I just came across the new SecurityHelper class (and the sanitize_user_html tweak) which looks useful.

However, I don't want to turn off security checking. I want to allow the customer to enter HTML, but then make sure it is checked (sanitized) to avoid security issues.

At the moment, I can't see how to present a wysiwyg editor to a customer. It appears that wysiwyg editors are only enabled for store admins and vendor admins. I want to enable them for all users AND perform security checking. Now that you have introduced the SecurityHelper this should be safe and improves functionality for the customer.

In 4.3.5 you can use the cm-wysiwyg class to use an editor for a text area on the frontend. Prior to this release, editors were only available on the backend and you had to directly include the editor code.

Thanks Tony. Looks like I need to do the upgrade!

You are a fantastic asset to CS Cart. I hope they appreciate you!

Thanks for the compliment. I try to educate and get a little business as well.....

As one of your customers, I can assure anyone reading this that they will be getting the best support around - and at a reasonable price. Cheap, bad support is NOT good value - you end up spending more. EZ has great products and great support. (feel free to quote me!)

Did you test it? I do not think that data will be saved correctly without the fn_trusted_vars function in the required controllers. Please pay attention to it before you provide the final quote.

The problem that I was reporting here is that the wysiwyg editor did not appear on non admin or vendor screens - even when the cm-wysiwyg class is applied.

However, I am running 4.3.4 - I have not done the latest upgrade. If 4.3.5 now allows me to display wysiwyg editors to normal users, that solves my problem.

I do understand that some security will need to be enabled when processing the html. Thanks for the tip about the fn_trusted_vars function.

As I wrote in post #5, even the editor js files are not included in the store-front. Looks like they fixed it in the latest versions.

Ecom is correct, the fn_trusted_vars() needs to be set for the REQUEST variable being sent.

History of this is that I was doing some MVE changes for a client who wanted to have the vendor application include a description via a WYSIWYG editor. I'd tried cm-wysiwyg and it didn't work. I submitted a bug via bugtracker and was told it wasn't available in frontend.

So I added the code for an editor and made the appropriate adjustments to the vendor sign up controller. They said they would add it in a future release and I got a notification about it being in V4.3.5.

So yes, in addition to adding class cm-wysiwyg, you need to add a fn_trusted_vars('variablename') in the corresponding controller.

Mmmm - I am now on V4.3.5 in my test environment and it still doesn't work. What was the detail of the notification you got from CSCart about it being in 4.3.5?

I finally tracked down the problem and it is in core.js. See code below. You need to comment out the

if (_.area == 'A') {

otherwise the cm-wysiwyg class won't do anything for you unless you are already signed on as store admin or vendor.

What do you think CSCart were referring to?


processForms: function(elm)
{
    var frms = $('form:not(.cm-processed-form)', elm);
    frms.addClass('cm-processed-form');
    frms.ceFormValidator();

    if (_.area == 'A') {
        frms.filter('[method=post]:not(.cm-disable-check-changes)').addClass('cm-check-changes');
        var elms = (frms.length == 0) ? elm : frms;

        $('textarea.cm-wysiwyg', elms).appear(function() {
            $(this).ceEditor();
        });
    }
},

This is what I received. I haven't verified it since the customer has not moved forward to that version.


======================================================================
Issue Title: Enable Cm-Wysiwyg Class In Customer Area

Thank you for the report.

The fix will be included in the CS-Cart v4.3.5.
======================================================================

You can turn off issue notifications by visiting http://forum.cs-cart.com/tracker/issue-6093-enable-cm-wysiwyg-class-in-customer-area/?view=findpost&p=23928

Logged this as a bug at http://forum.cs-cart.com/tracker/issue-6261-cm-wysiwyg-class-not-enabled-in-customer-area/

Update - this is now scheduled for 4.3.6. See http://forum.cs-cart.com/tracker/issue-6093-enable-cm-wysiwyg-class-in-customer-area

In the meantime the fix I reported above seems to work for 4.3.5.

Unfortunately it's not a "fix" for an addon developer. It would require manual intervention at every client site. Why wasn't it included in 4.3.5 as published?

Well - I have just tested 4.3.6 - and CSCart have half done what I wanted. wysiwyg editors for customers can be enabled - but they have disabled support for images and video.

I understand that images and videos may have some security issues - but I would like the ability to manage that for myself. For logged on users, whether they are registered customers or vendors, I want them to be able to load images (and videos) into the wysiwyg editor. Right now my registered vendors can, but my registered customers cannot. For me the security risk is the same, and I would like to be able to manage myself in both cases.
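
The approach asked for in this thread (let customers submit HTML from the editor, then sanitize it server-side, including the image case from the last post), as an added example that is not part of the thread and is not CS-Cart code. It is a standalone allowlist sanitizer on PHP's DOM extension; the function names, the tag list and the http(s)-only URL policy are assumptions of this example.

```php
<?php
// Added illustration, not CS-Cart code. Allowed tag => attributes it may keep.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href'], 'img' => ['src', 'alt'],
];
// Elements removed together with everything inside them.
const DROPPED_TAGS = ['script', 'style', 'iframe', 'object', 'embed', 'form'];
function url_is_allowed(string $url): bool {   // absolute http(s) URLs only
    $scheme = parse_url(trim($url), PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
}

function sanitize_children(DOMNode $parent): void {
    foreach (iterator_to_array($parent->childNodes, false) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) continue;   // text is escaped on output
        $tag = $node instanceof DOMElement ? strtolower($node->tagName) : '';
        if ($tag === '' || in_array($tag, DROPPED_TAGS, true)) {
            $parent->removeChild($node);                   // comments, script, iframe...
            continue;
        }
        sanitize_children($node);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {       // unknown tag: keep children only
            while ($node->firstChild) $parent->insertBefore($node->firstChild, $node);
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, ALLOWED_TAGS[$tag], true)
                && (!in_array($name, ['href', 'src'], true) || url_is_allowed($attr->value));
            if (!$keep) $node->removeAttributeNode($attr); // drops onclick, style, bad URLs
        }
    }
}

function sanitize_customer_html(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                      // tolerate malformed markup
    // The XML declaration makes libxml2 read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    sanitize_children($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes, false)));
}

// Constructed sample review, not taken from the thread.
$review = '<p onclick="x()">Nice <b>lens</b><img src="javascript:alert(1)" alt="pic">'
    . '<script>alert(2)</script> <a href="https://example.com/a" target="_blank">spec</a></p>';
echo sanitize_customer_html($review), PHP_EOL;
```

The sanitizer has to run on the server when the form is saved, because anything done in the browser editor can be bypassed by posting directly. libxml2 parses HTML differently from a browser's HTML5 parser, so for production use a maintained sanitizer such as HTML Purifier configured with the same allowlist is the safer choice.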