back to

CKEditor protectedSource configuration


I tried to add protected source to the “CKEditorPlugin.php” file as follows:

$settings[] = ‘protectedSource: ["/<?[\s\S]??>/g", "/(?:<iframe[^>])(?:(?:/>)|(?:>.*?</iframe>))/gi"]’; // Allow PHP code. Allow no-iframe code between tags

It doesn’t seem to be working, as I see PHP code commented out in the editor after I insert it, also


@mailer You have got the syntax slightly wrong, and need to escape special characters.
This works for me to exclude <code> elements and php code

    $settings[] = "protectedSource: [/<code>[\s\S]*?<\/code>/gi,/<\?php>[\s\S]*?\?>/gi]";

<p><code>this cannot be edited</code><?php> neither can this ?>but this can be edited</p>

Sorry I go the php one wrong. But it is better to put this in a custom config file with a different syntax


Thank you Duncanc. It worked in the CKEditorPlugin.php file.

I think using a customized config.js file requires a standalone installation of the editor rather than the hosted version currently used in the phplist.

No, it is not dependent on from where ckeditor is loaded.
You just need to create a file with the additional settings then on the Settings page enter the URL to that file.