I sometimes wonder why we even bother doing http://drupal.org/security.
Unless you are the only user posting on the site, setting Full HTML as the default input format is both 1) the easy way out and 2) insecure.
- You can simply investigate which tags are needed and add those to the HTML filter.
- Insecure, because you allow all users to execute cross-site scripting attacks.
Ideally, it'd be nice if comments could have their own input format. With the authors of the site, I need them to be able to put in html. With commenters, all I want them to do is plain text.
- jody
Sent using the Microsoft Entourage 2004 for Mac Test Drive.
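The two points in this thread, an allow-listed HTML filter instead of Full HTML and a separate plain-text format for commenters, can be shown side by side in a small standalone script. This is an added example written for this page, not Drupal code or anything posted by the thread's participants; the tag and attribute allow-list, the `author`/`commenter` roles and the sample comment are all assumptions made for the demonstration, and the filter is written in Python on top of the standard library's `html.parser` rather than being a port of Drupal's filter module.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allow-list for a "filtered HTML" input format. The tags are an
# assumption standing in for whatever a site finds its authors actually need.
ALLOWED_TAGS = {"p", "br", "em", "strong", "ul", "ol", "li", "blockquote", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # no id/class/style, and never on* handlers
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative link
VOID_TAGS = {"br"}                       # never emit a closing tag for these
DROP_CONTENT = {"script", "style"}       # drop the tag *and* the text inside it


def _safe_href(value):
    """Accept only http(s)/mailto/relative URLs. Browsers ignore tabs, newlines
    and surrounding whitespace inside a URL, so strip them before reading the
    scheme; otherwise 'java\\nscript:' would look harmless here yet run."""
    cleaned = "".join(ch for ch in value if ch.isprintable() and ch not in "\t\r\n").strip()
    return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES


class AllowlistFilter(HTMLParser):
    """Re-serialise input keeping only allow-listed tags and attributes.
    Unknown tags are unwrapped (their text survives, escaped); script/style
    content is removed outright; comments and declarations fall through to
    the base-class no-op handlers and are therefore discarded."""

    def __init__(self):
        super().__init__()
        self.out = []
        self._dropping = None   # name of the DROP_CONTENT tag we are inside, if any

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return
        kept = ""
        for name, value in attrs:
            # The only allowed attribute is a URL, so every kept one gets the scheme check.
            if name in ALLOWED_ATTRS.get(tag, ()) and value and _safe_href(value):
                kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag == self._dropping:
            self._dropping = None
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._dropping is None:
            self.out.append(html.escape(data, quote=False))


def full_html(text):
    """'Full HTML' input format: everything passes through untouched."""
    return text


def filtered_html(text):
    """'Filtered HTML' input format built on the allow-list above."""
    f = AllowlistFilter()
    f.feed(text)
    f.close()
    return "".join(f.out)


def plain_text(text):
    """Plain-text input format: escape everything, keep line breaks readable."""
    return html.escape(text, quote=False).replace("\n", "<br>")


def render(text, role):
    """Pick the format by who is posting, as the thread suggests: site authors
    get (filtered) HTML, everyone else gets plain text. Roles are assumed."""
    return filtered_html(text) if role == "author" else plain_text(text)


# Constructed sample comment: a friendly reply carrying three injection attempts.
SAMPLE = (
    '<p>Nice post <strong>jody</strong>!</p>'
    '<script>alert(document.cookie)</script>'
    '<a href="javascript:alert(1)" onclick="steal()">link</a>'
    '<img src=x onerror=alert(1)>'
    '<a href="https://drupal.org/security">safe</a>'
)

if __name__ == "__main__":
    print("full html  :", full_html(SAMPLE))
    print("filtered   :", render(SAMPLE, "author"))
    print("plain text :", render(SAMPLE, "commenter"))
```

Running it prints the same comment three ways: Full HTML hands the script, the `javascript:` link and the `onerror` handler straight to the browser; the filtered format keeps the paragraph and the drupal.org link and strips the rest; the plain-text format shows the whole thing as literal text. The allow-list is deliberately short: the safe way to grow it is to add the tags the site's authors actually need, as the first post says, rather than to start from Full HTML and try to subtract.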