Tuesday, April 14, 2009

Protecting your ColdFusion Tags from FCKEditor

I ran into a problem with one of my clients' websites; they wanted some dynamic content on their homepage. I edited the homepage in Dreamweaver and added some ColdFusion tags. Two days later, the client opened the homepage.cfm file in their control panel and FCKEditor screwed up my ColdFusion tags, which generated an error on the homepage (argh!). Naturally I figured there was a setting in fckconfig.js that would solve my troubles. Well, there is, but I had to do a bit of digging to find out how to protect my ColdFusion tags from FCKEditor's wrath. You see, the good folks that make FCKEditor available tell you how to protect your PHP and ASP code, but are silent when it comes to ColdFusion tags. FCKEditor attempts to parse ColdFusion tags as HTML, so when you switch views it messes with your tags in unspeakable ways. But I almost did a little dance when I found the solution to my problem!

I've posted the solution in the CF Shopkart forum:
http://www.cfshopkart.org/viewtopic.php?f=12&t=125

FCKEditor will ignore any of your ColdFusion tags if you add those lines. Sure, it's a security risk if you are using FCKEditor on a public website, but it's only used in the Control Panel for my client, and they don't know anything about CF, so I figure I'm safe :D
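To show what "ignoring" the tags means in practice, here is an added example (not the code from the forum post, and not FCKEditor's own source): a simplified model of masking CFML tags behind HTML comments before the HTML parser runs and restoring them afterwards. The two patterns, the `{PS…}` placeholder format and the function names are assumptions made for this illustration.

```javascript
// Added illustration: a simplified model of the protect/restore step.
// The patterns are assumptions, not the lines from the original forum post.
const CF_PATTERNS = [
  // Opening or self-closing CFML tag; quoted attribute values may contain ">".
  /<cf\w+\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi,
  // Closing CFML tag.
  /<\/cf\w+\s*>/gi,
];

// Swap every match for an HTML comment so the HTML parser never sees the tag.
function protectSource(html, patterns) {
  const saved = [];
  let out = html;
  for (const re of patterns) {
    out = out.replace(re, (match) => {
      saved.push(match);
      return `<!--{PS${saved.length - 1}}-->`;
    });
  }
  return { html: out, saved };
}

// Put the original fragments back when the source is handed out again.
function revertSource(html, saved) {
  return html.replace(/<!--\{PS(\d+)\}-->/g, (_, i) => saved[Number(i)]);
}

// Constructed sample page fragment.
const SAMPLE =
  '<cfset msg = "a > b"><cfif session.loggedIn><p>Hi <cfoutput>#session.name#</cfoutput></p>' +
  '<cfelse><p>Please log in.</p></cfif>';

// Mask, then restore, and return every stage for inspection.
function roundTrip(html) {
  const { html: masked, saved } = protectSource(html, CF_PATTERNS);
  return { masked, saved, restored: revertSource(masked, saved) };
}

console.log(roundTrip(SAMPLE).masked);
```

In fckconfig.js, patterns of this kind are registered with `FCKConfig.ProtectedSource.Add( ... )`, the same call the stock file uses for its PHP and ASP examples.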

Edit: In order for dynamic ColdFusion content to display in a web browser using FCKEditor, you need to turn script protection off in the cfapplication tag. Turning it off is a security risk, though, because script protection protects your site from cross-site scripting. So if you've been putting CF tags in FCKEditor and then wondering why the dynamic output is not working, it's because script protection is on. Set it to "None" or give it a comma-delimited list of variables you want to protect. Read more here: http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_a-b_5.html#1097308

UPDATE:
The link above is dead and I can't paste the code to my blog so if anyone seeing this still needs the code, just email me. You can contact me on my website using the contact form: http://www.cfshopkart.com
