Greg, That was exactly what I needed. I was able to add a few tags to the default role and revert the changes made to core. Thanks so much, and also for the great links. -- Cheers, Jon Antoine www.antoinesolutions.com On Mon, Sep 8, 2008 at 8:03 AM, Greg Knaddison - GVS <Greg@growingventuresolutions.com> wrote:
On Sat, Sep 6, 2008 at 12:27 AM, Jon Antoine <antoinesolutions@gmail.com> wrote:
I am trying to crate profile fields that allow full HTML output. I have struggled with this for a long time and finally came up with a solution I am not happy with. After tracking it down, I found on line 560 in the profile.module file that the field value is being passed through check_markup function which is filtering out a lot of the HTML. I ended up replacing the check_markup call with a filter_xss_admin call, but I hate that I had to modify core to accomplish this. Can anyone suggest a better workaround to this problem? I would greatly appreciate it.
The call to check_markup without a specified filter (as it is in profile.module) will use whichever filter format is the default for the site. So, if you wish to change which tags are filtered or not you can modify your default input filter.
I will caution you that bad configuration and improper use of input formats can lead to security holes. Two resources on the subject: http://drupal.org/node/224921 and http://heine.familiedeelstra.com/input-formats-beware
Regards, Greg
-- Greg Knaddison Denver, CO | http://knaddison.com | 303-800-5623 Growing Venture Solutions, LLC | http://growingventuresolutions.com