HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

[5.0.3] HTML Security Filtering

Login / Search

 [ Join | More ]
 Add topic 
#66624 (In Topic #14214)


Super Administrators are subject of security filtering

Hi Team,

As per the ocPortal documentation, super-administrators are not subject to any HTML security filter.

However, being member of the Super-Administrators, my Java Script is completely removed from the WYSIWYG editor (news).

I can't seem to find any setting/option to change permission, so is this an issue?

Thanks in advance and have a good day.
Back to the top


I think I found something…

As long as my JavaScript references to an object which already exists on the site, the JavaScript is not being dropped.

In case my JavaScript references to an object which is added as new object along with the JavaScript code, the editor removes ALL (!) JavaScript code from my editor.


< div id="something"…

< scrip…
< / scrip…

The above will remove all JavaScript from my editor since div id=something does not already exist, in other words, is not already known to OCP.

If I would change the code to:

< scrip…
< / scrip…

the JavaScript will not be dropped since object "global_middle_ph" is known to OCP.

Note: I run this as Super-Administrator
Back to the top

It's not a good idea to have anything that is not directly WYSIWYG in the WYSIWYG editor, including careful use of tags to apply custom CSS styles, or Javascript. Various things can relate to it getting stripped or corrupted.

You can disable the WYSIWYG on a per-field basis by adding this Comcode:


{$,page hint: no_wysiwyg}
which I've realised is not documented, so it will be when we update the docs.

Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: