[development] How to control HTML user input preserving the "style" attributes?
Moshe Weitzman
weitzman at tejasa.com
Mon Oct 23 15:01:05 UTC 2006
Leo Burd wrote:
> Hello there,
>
> I am creating an about_me.module to provide users with a customizable
> "about me" page. That page is to be very simple: a title field and a
> textarea for users to write whatever they want. Ideally, users should
> be able to customize their pages either by writing directly in HTML or
> by using TinyMCE.
>
> The problem that I'm having is that the formatting added by TinyMCE
> (especially the "style" attributes) are being filtered out by
> filter.module. An alternative would be to not filter the HTML tags at
> all, but I'm afraid that would add potential risks to my website. Is
> there any solution for this problem? What would you recommend?
>
> Thanks in advance,
>
> Leo
>
the tinymce docs recommend using full html input format. if you don't want
that, just add a while bunch of tags to the allowed tags list for filtered
html input format.
More information about the development
mailing list