[development] How to control HTML user input preserving the "style" attributes?

Moshe Weitzman weitzman at tejasa.com
Mon Oct 23 15:01:05 UTC 2006

Leo Burd wrote:
> Hello there,
> I am creating an about_me.module to provide users with a customizable 
> "about me" page.  That page is to be very simple: a title field and a 
> textarea for users to write whatever they want.  Ideally, users should 
> be able to customize their pages either by writing directly in HTML or 
> by using TinyMCE.
> The problem that I'm having is that the formatting added by TinyMCE 
> (especially the "style" attributes) are being filtered out by 
> filter.module. An alternative would be to not filter the HTML tags at 
> all, but I'm afraid that would add potential risks to my website. Is 
> there any solution for this problem? What would you recommend?
> Thanks in advance,
> Leo

the tinymce docs recommend using full html input format. if you don't want 
that, just add a while bunch of tags to the allowed tags list for filtered 
html input format.

More information about the development mailing list