JavaScript API FCKeditor returns the code "Security Error": "1000" when trying SetHTML ()

Question

JavaScript API FCKeditor returns the code "Security Error": "1000" when trying SetHTML ()

After opening a web page with one FCKeditor window in it, I get an instance:

i = FCKeditorAPI.GetInstance( "txtText" )

It works. I am also allowed to:

 i.GetHTML() #=> <div class=".... etc., correct output

But when you try

 i.SetHTML( "<h1>Quux</h1>" )

I get:

 [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_... etc. ]

I have a vague feeling that in the past I was able to modify the contents of the FCKeditor window using SetHTML (), but I'm not quite sure. What to do?

In response to the comment, my HTML

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1250" /> <meta http-equiv="Content-language" content="cs" /> <meta http-equiv="expires" content="-1" /> <meta http-equiv="pragma" content="no-cache" /> <meta http-equiv="cache-control" content="private" /> <title>Foo | Bar | WebMaker | FOO.CZ</title> <style type="text/css" media="screen">/*<![CDATA[*/@import url(http://webmaker.ooo.cz/_design/style.css);/*]]>*/</style> <script type="text/javascript" src="http://webmaker.ooo.cz/common.js"></script> </head> <body> <div id="header"> <span><a href="http://webmaker.ooo.cz/logout.aspx">Logout</strong></span> </div> <div id="main"> <div id="content"> <div id="tabmenu"> </div><!-- /tabmenu --> <dif id="tabcontent"> <form name="_ctl2" method="post" action="detail.aspx?article=14599" id="_ctl2"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE2MTEzz0iZG9.....reallllly..looong...strin......6qKb5or30J5DCLKTCaFR/xc8TPHb9A=" /> <script type="text/javascript"> <!-- var theForm = document.forms['_ctl2']; if (!theForm) { theForm = document._ctl2; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } // --> </script> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWEQ...vsyXR4=" /> <div class="data"> <fieldset> <legend>Text článku</legend> <div><input type="hidden" id="txtText" name="txtText" value="FCK editor window contents here." /><input type="hidden" id="txtText___Config" value="HtmlEncodeOutput=true" /><iframe id="txtText___Frame" src="http://webmaker.ooo.cz/_wysiwyg/editor/fckeditor.html?InstanceName=txtText&amp;Toolbar=WebMaker" width="100%" height="400px" frameborder="no" scrolling="no"></iframe></div> <input type="button" onclick="GetWordsCount('txtText___Frame')" value="Zobrazit počet slov v článku" /> </fieldset> <!-- There are some more fieldsets here and a submit button. --> </div><!-- .data --> </form> </div><!-- tabcontent --> </div><!-- /main --> </body> </html>

+1

javascript api fckeditor securityexception

Boris Stitnicky Jun 20 '13 at 1:01

source share

3 answers

Pretty sure, this is some kind of cross-domain problem, where you probably think you are working in the same domain, but not really. I will need to check the actual page on which this works to really help you, but try downloading all the relevant fckeditor files using relative file paths (optional from the root) and never include the actual domain, which will prevent a ton of troubles in general (e.g. otherwise, it may happen that you are on example.com but are downloading files from www.example.com or similar problems).

The strange thing is that you also won’t be able to read files, but the error caused is due to unprivileged actions, which are almost always associated with problems in the cross-domain space (or some very complex cross-context script problems), but this is mainly only if you develop addons).

+1

David mulder Jun 26 '13 at 10:09

source share

If your javascript comes from " http://webmaker.ooo.cz/ ...", then it is possible that you get a problem with the domain by re-viewing the website under a different subdomain than javascript is extracted from. I am not sure about the fix, and I'm not sure what is required, what is wrong. Just an opportunity. I suggest trying to put the javascript that you use on the page using html to make sure the code itself really works.

+1

Samuel reid Jul 02 '13 at 17:06

source share

James holderness · Accepted Answer · 2013-07-02T17:25:15+0000

The FCKeditor SetHTML method relies on a call to document.write to replace content in an edit control. Unfortunately, document.write does not work from the web console in Firefox.

This is a known bug: Using document.write inside a Scratchpad window causes a "Security error undefined" in the web console

I know that the error says that Scratchpad and the error message are different, but this is the same problem. Note this comment from David Chan (Mozilla Security Researcher):

This seems to be another error when launching WebConsole / ScratchPad in a sandbox.

The reason you probably remember that you were able to do this in the past is because it works in FireBug and works in Chrome. You have probably used one of these environments in the past when using the FCKeditor control.

JavaScript API FCKeditor returns the code "Security Error": "1000" when trying SetHTML ()

More articles: