[support] HTML Filters

Bert Van Kets mailing at vankets.com
Mon Jan 10 10:53:24 UTC 2011 

I was thought that Drupal saved the entered data in the database as is,
unfiltered. The filtering is done on retrieval and rendering.
Your finding conflicts with this.

How is the node content saved in the database then? As entered, or filtered?

Bert

On 08/01/2011 03:21, Alison wrote:
>
> Thanks Carl and others. I think this may be the problem:-
>
> "/Keep in mind that input formats are node-specific at the time the
> node is saved. Changing the default format will not affect saved nodes.
>
> /Been trying to fix the problem after I had saved the page, with now
> understandable results - changing the parameters after the event. Had
> considered the node may have been cached. So cleared that. Tried
> everything other than redesign the page or starting again. Definitely
> a trap for new players. Thanks again.
>
> Alison
>
>
>
>
>
> At 12:48 PM 8/01/2011, you wrote:
>> Using Full HTML is also a security risk for cross site scripting and
>> cross site request forgeries.
>>
>> Keep in mind that input formats are node-specific at the time the
>> node is saved. Changing the default format will not affect saved nodes.
>>
>> The editor may also affect submitted data.
>>
>> Sent from my iPhone
>>
>> On Jan 7, 2011, at 17:14, Bill Fitzgerald <bill at funnymonkey.com
>> <mailto:bill at funnymonkey.com>> wrote:
>>
>>> I would recommend - strongly - against enabling the PHP input
>>> format. This opens up some enormous security risks, and from what
>>> you are describing this is overkill for your use case.
>>>
>>> If you aren't using it already, I would recommend using the WYSIWYG
>>> API for your site: http://drupal.org/project/wysiwyg
>>>
>>> Edit your node, and make sure that you have chosen the correct input
>>> format.
>>>
>>> It's also possible that your WYSIWYG editor is clobbering your html;
>>> when you edit the node, turn off the editor and make sure that your
>>> original markup is still intact.
>>>
>>> This page has more info on configuring input formats:
>>> http://drupal.org/handbook/modules/filter
>>>
>>> Please feel free to ping back with any additional questions.
>>>
>>> Cheers,
>>>
>>> Bill
>>>
>>> On 1/7/11 4:28 PM, Joel Willers wrote:
>>>> You can make a special filter that might help you out.  Otherwise,
>>>> set it to PHP (you have to have PHP enabled in the modules area).
>>>>  
>>>> Hope that helps!
>>>>  
>>>> *Joel Willers  *|  IT Developer
>>>> Innova Ideas & Services  |  A SIGLER COMPANY
>>>>  
>>>> *From:* support-bounces at drupal.org
>>>> <mailto:support-bounces at drupal.org>
>>>> [mailto:support-bounces at drupal.org] *On Behalf Of
>>>> *rebu2008-dru at yahoo.com <mailto:rebu2008-dru at yahoo.com>
>>>> *Sent:* Friday, January 07, 2011 5:59 PM
>>>> *To:* support at drupal.org <mailto:support at drupal.org>
>>>> *Subject:* Re: [support] HTML Filters
>>>>  
>>>> I'm new to Drupal as well, but I just guessing that its the CSS in
>>>> the theme that you are using. Can you navigate to the page in your
>>>> browser and then view the source? In Firefox, it is in the menu as
>>>> 'View' > 'Page Source'. You should be able to see your HTML
>>>> elements and attributes. If not, then they really have been
>>>> stripped somehow. If they are there, then it is likely a CSS
>>>> problem, assuming that your HTML is valid.
>>>> --ross
>>>>  
>>>>
>>>> *From:* Alison <penguin at alisoncc.com <mailto:penguin at alisoncc.com>>
>>>> *To:* support at drupal.org <mailto:support at drupal.org>
>>>> *Sent:* Fri, January 7, 2011 5:21:48 PM
>>>> *Subject:* [support] HTML Filters
>>>>
>>>> Hi,
>>>>
>>>> very much a newbie who feels that she is constantly "fighting"
>>>> Drupal to get it to do what she wants it to do.
>>>>
>>>> Fairly simple "home" page before members log on and get all the
>>>> complicated stuff - list of events, accepting bookings for same and
>>>> the like - with Views, Flags, Tokens etc.
>>>>
>>>> CKEditor installed and fully operational. "Full HTML" selected and
>>>> all "Input Filters" disabled on "Input Formats" page. Yet when
>>>> displaying the page much of the HTML formatting I have implemented
>>>> has been stripped off. Nothing special just paragraph alignment -
>>>> simple stuff like text centering, etc.  Looks fine when editing,
>>>> but preview and much of it has gone. As it does when seen by a
>>>> visitor. Tried it with CKEditor disabled and plain text editor
>>>> selected . Doesn't seem to make any difference - formatting still
>>>> gets stripped.
>>>>
>>>> Not much point in using a wysiwyg style editor if Drupal strips all
>>>> the functionality out. Also when using CHEditor the edit box has
>>>> the same background as the main site, which makes life difficult if
>>>> it's a dark background and the text one is editing is black. Would
>>>> appreciate some clues.
>>>>
>>>> Alison
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> [ Drupal support list | http://lists.drupal.org/ ]
>>>
>>> -- 
>>> [ Drupal support list | http://lists.drupal.org/ ]
>> -- 
>> [ Drupal support list | http://lists.drupal.org/ ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20110110/e10e36fd/attachment-0001.html

More information about the support mailing list