Won't fix Security Error through editor while switching Rich Text to BBCode


Well-known member
Some add-ons utilize the Redactor Editor in the ACP.
The following setting produces the infamous security error ("Security Error – hit back, refresh page" etc)
  1. Login to the front end as some test user*
  2. New browser tab, login to the ACP as admin*
  3. Visit add-on page with redactor text editor
  4. Click the switch button to switch from rich text to bbcode input
*It's important that these are two different users to reproduce the error.

Contrary to the above, if you login into the ACP and frontend as the SAME USER, this error will not come.

I tested it on Safari and FireFox and can reproduce it every time. I also have the feeling that this is a Redactor bug, because it only happens with the standard XF editor. Chris D's Notices add-on uses another version and there you do not have the error. But NixFifty Tickets and XenMade Advanced Rules for example do use the XF standard and have that problem.
This is very much an edge case. I don't think we're going to take any particular steps to resolve it. We don't really assume that the RTE will be used in the ACP and we definitely expect that you'll be logged into both areas as the same user. A fix would likely require duplicating all editor related actions to the ACP and having the JS switch URLs dynamically.
Top Bottom