[support] HTML Filters

Carl Wiedemann carl.wiedemann at gmail.com
Sat Jan 8 01:48:20 UTC 2011


Using Full HTML is also a security risk for cross-site scripting and cross-site request forgeries.

Keep in mind that input formats are node-specific at the time the node is saved. Changing the default format will not affect saved nodes.

The editor may also affect submitted data.

Sent from my iPhone

On Jan 7, 2011, at 17:14, Bill Fitzgerald <bill at funnymonkey.com> wrote:

> I would recommend - strongly - against enabling the PHP input format. This opens up some enormous security risks, and from what you are describing this is overkill for your use case.
> 
> If you aren't using it already, I would recommend using the WYSIWYG API for your site: http://drupal.org/project/wysiwyg
> 
> Edit your node, and make sure that you have chosen the correct input format.
> 
> It's also possible that your WYSIWYG editor is clobbering your HTML; when you edit the node, turn off the editor and make sure that your original markup is still intact.
> 
> This page has more info on configuring input formats: http://drupal.org/handbook/modules/filter
> 
> Please feel free to ping back with any additional questions.
> 
> Cheers,
> 
> Bill
> 
> On 1/7/11 4:28 PM, Joel Willers wrote:
>> 
>> You can make a special filter that might help you out. Otherwise, set it to PHP (you have to have PHP enabled in the modules area).
>>  
>> Hope that helps!
>>  
>> Joel Willers  |  IT Developer
>> Innova Ideas & Services  |  A SIGLER COMPANY
>> 
>>  
>> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On Behalf Of rebu2008-dru at yahoo.com
>> Sent: Friday, January 07, 2011 5:59 PM
>> To: support at drupal.org
>> Subject: Re: [support] HTML Filters
>>  
>> I'm new to Drupal as well, but I'm just guessing that it's the CSS in the theme that you are using. Can you navigate to the page in your browser and then view the source? In Firefox, it is in the menu as 'View' > 'Page Source'. You should be able to see your HTML elements and attributes. If not, then they really have been stripped somehow. If they are there, then it is likely a CSS problem, assuming that your HTML is valid.
>> --ross
>>  
>> From: Alison <penguin at alisoncc.com>
>> To: support at drupal.org
>> Sent: Fri, January 7, 2011 5:21:48 PM
>> Subject: [support] HTML Filters
>> 
>> Hi, 
>> 
>> very much a newbie who feels that she is constantly "fighting" Drupal to get it to do what she wants it to do.
>> 
>> Fairly simple "home" page before members log on and get all the complicated stuff - list of events, accepting bookings for same and the like - with Views, Flags, Tokens etc.
>> 
>> CKEditor installed and fully operational. "Full HTML" selected and all "Input Filters" disabled on "Input Formats" page. Yet when displaying the page much of the HTML formatting I have implemented has been stripped off. Nothing special just paragraph alignment - simple stuff like text centering, etc. Looks fine when editing, but preview and much of it has gone. As it does when seen by a visitor. Tried it with CKEditor disabled and plain text editor selected. Doesn't seem to make any difference - formatting still gets stripped.
>> 
>> Not much point in using a wysiwyg style editor if Drupal strips all the functionality out. Also when using CKEditor the edit box has the same background as the main site, which makes life difficult if it's a dark background and the text one is editing is black. Would appreciate some clues.
>> 
>> Alison
>> 
>> -- 
>> [ Drupal support list | http://lists.drupal.org/ ]
> 
> -- 
> [ Drupal support list | http://lists.drupal.org/ ]
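
An added example, not part of any message in this thread: because each saved node keeps its own input format, an audit has to look at stored nodes rather than at the default format. The queries below assume a Drupal 6 core schema (`node`, `node_revisions`, `filter_formats`, `filters`) with no table prefix; adjust the names if your site differs.

```sql
-- Assumption: Drupal 6 core tables, no table prefix.

-- 1. Which filters are enabled on each input format.
--    A format with no row from {filters} (module is NULL) outputs
--    stored markup unfiltered, e.g. "Full HTML" with every filter off.
SELECT ff.format, ff.name, ff.roles, f.module, f.delta, f.weight
FROM filter_formats ff
LEFT JOIN filters f ON f.format = ff.format
ORDER BY ff.format, f.weight;

-- 2. How many current node revisions are stored under each format.
--    Changing the default format does not move these rows.
SELECT nr.format, ff.name, COUNT(*) AS nodes
FROM node n
JOIN node_revisions nr ON nr.vid = n.vid
LEFT JOIN filter_formats ff ON ff.format = nr.format
GROUP BY nr.format, ff.name
ORDER BY nodes DESC;

-- 3. Nodes to review first: saved in a format that runs the PHP
--    evaluator (module 'php') or that lacks core's HTML filter
--    (module 'filter', delta 0).
SELECT n.nid, n.title, n.uid, nr.format, ff.name
FROM node n
JOIN node_revisions nr ON nr.vid = n.vid
JOIN filter_formats ff ON ff.format = nr.format
WHERE EXISTS (
        SELECT 1 FROM filters f
        WHERE f.format = nr.format AND f.module = 'php')
   OR NOT EXISTS (
        SELECT 1 FROM filters f
        WHERE f.format = nr.format
          AND f.module = 'filter' AND f.delta = 0)
ORDER BY nr.format, n.nid;
```

The `roles` column in the first result shows who may select each format; the third result is the list of nodes whose format needs to be changed individually.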