[Solved] TinyMCE, Markup with Custom Templates Plugin and Plone Protect

I added the Template Plugin in the TinyMCE Configuration. But if i have more than once direct child elements in the body, i see the plone protect script tag in the markup.

with this template the insert via the editor is ok:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
  <body>
    <div class="mceTmpl">
      <p class="callout">Your special Text</p>
    </div>
</body>
</html>

markup after insert in the Editor:

<div class="mceTmpl">
  <p class="callout">Your special Text</p>
</div>

here the second case:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<body>    
  <p class="callout">Your special Text</p>
</body>
</html>

markup after insert in the Editor:

<p class="callout">Your special Text</p>
<script id="protect-script" src="../++resource++protect.js" type="application/javascript" data-site-url="http://127.0.0.1:8080/plone" data-token="290ec87c29baa49548739916ef61a6abb5aeff09"></script>

Question: How can i prevent the insert of the script tag? I don't want the DIV in my code, it has side-effects in use the editor

UPDATE
I found a solution via ITransform Adapter.

<!-- configure.zcml -->
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:genericsetup="http://namespaces.zope.org/genericsetup"
    xmlns:i18n="http://namespaces.zope.org/i18n"
    xmlns:plone="http://namespaces.plone.org/plone"
    i18n_domain="my.addon">
  <adapter
      name="transforms.remove_script_tag"
      for="* *"
      factory=".transforms.RemovePloneProtectScriptTransform" />
</configure>
# transforms.py
from plone.transformchain.interfaces import ITransform
from zope.interface import implementer


@implementer(ITransform)
class RemovePloneProtectScriptTransform(object):

  # plone.protect has a transform with order id 9000
  order = 10000
  
  def __init__(self, published, request):
    self.published = published
    self.request = request
  
  def transformBytes(self, result, encoding):
    # do nothing
    return result

  def transformUnicode(self, result, encoding):
    # do nothing
    return result

  def transformIterable(self, result, encoding):
    # You know what you do, if you remove the protection script
    if "++plone++my.addon/tinymce-templates" in self.request.get("ACTUAL_URL"):
      for node in result.tree.xpath("//script"):
        node.getparent().remove(node)
    return result

1 Like

Hi!

I did a test with your code and it does not add the plone-protect script. Is it inserting it in the editor source (Tools -> view source) or on the source of the page after saving? Do you have a double plone-protect script included or just once? If so, any chance the html code has some issue, and plone-protect appears there because of it? Usually, plone-protect appears in the footer..

it is inserting in the editor source (Tools -> view source)

IMHO Its a bug that plone.protect tries to add its html to the tinymce snippet when it is served.

I did see the mceTmpl div before being preserved in the editor semi randomly, but never found out it had to do with the html complexity. Could be a bug in tinymce itself.

Be aware that the template plugin could be unusable if the TinyMCE instance is running in a modal. z-index problems.

Plone Foundation Code of Conduct