Weirdness Explained - TinyMCE decodes and strips < and > entities

The problem

I wanted to be able to enter the text "<30" into a TinyMCE block and was finding that it would save once, but then get stripped out by TinyMCE once the page was reloaded.

What's going on here?

TinyMCE is properly encoding "<" as "&lt;", but then the browser is (conveniently?) decoding the entity before it gets to TinyMCE.  The editor then assumes you have an unknown tag and promptly strips it out.

The (kind of) fix

Add a space between "<" and "30".

TinyMCE will still get a decoded "<" but will correctly interpret that you are not attempting to make your own tag and will silently reencode it for you.

The (more foolproof) fix

OK, so maybe you can't always (or don't want to) add a space.  What else can you do?

It's actually quite simple. Just double encode the entity to "&amp;lt;" before sending it to the browser.

For good measure, do the same for "&gt;"


I'm still not 100% on what causes this problem, because it only happened on one particular site that I was working with.

I think it may have to do with the content areas being in a jQuery UI tab that was initially hidden.


Furken #1 2950 days ago
HiI have been trying to imipnmelt this. at first i thought there was a simple typo error with the path to the script when it should be <script language="Ějavascript" type="Ětext/javascript" src="Ě../tinymce/jscripts/tiny_mce/tiny_mce.js"> anyway this is what i interprited, copy the directory tinymce from the archive to the root of indexu. so i did ammend the path to but this didnt work either. Checked the html example that came with the archive and that worked! so i checked the example code and tested that in my indexu header.html but no matter what i do i cant get it to work, really anoying, :Owould the call to the tiny_mce.js work in say add_form.html instead of the header.html also
Carl Champagne #2 2950 days ago
Hi Furken,

I'm not sure if I follow completely, but I may have an idea. Can you open tiny_mce.js (wherever you ended up putting it) directly in your browser? Sometimes I have found when copying archives directly into my sites, I need to change the file/folder ownership and occasionally even the permissions.

Browsers won't make a big deal and will load a script tag from anywhere on the page. Just keep in mind that script calls are blocking actions and temporarily stop the rest of the page from loading while they download. Anything that doesn't have to be there before the page is rendered is recommended to go just before the closing body tag. Depending on the scale and scope of the site, this may or may not be that big of an issue.

Post a comment

(optional, will not be displayed)
If you can see this field, please leave it blank, or your comment will not be submitted

Photo of Carl

About Carl

Web Programmer. Shutterbug. New Father. Enjoying life in New Zealand.

Read more

Facebook  LinkedIn  Twitter

Recent Activity


Photo Tags