[development] How to control HTML user input preserving the "style" attributes?

inkfree press inkfree at gmail.com
Mon Oct 23 15:16:39 UTC 2006

"Moshe Weitzman" wrote:

> Leo Burd wrote:
>> Hello there,
>> I am creating an about_me.module to provide users with a customizable
>> "about me" page.  That page is to be very simple: a title field and a
>> textarea for users to write whatever they want.  Ideally, users should
>> be able to customize their pages either by writing directly in HTML or
>> by using TinyMCE.
>> The problem that I'm having is that the formatting added by TinyMCE
>> (especially the "style" attributes) are being filtered out by
>> filter.module. An alternative would be to not filter the HTML tags at
>> all, but I'm afraid that would add potential risks to my website. Is
>> there any solution for this problem? What would you recommend?
>> Thanks in advance,
>> Leo
> the tinymce docs recommend using full html input format. if you don't want
> that, just add a while bunch of tags to the allowed tags list for filtered
> html input format.

Or read the thread you cross-posted to 'Support' (please pick one, first,
and then post to the other after some reasonable time if you get no reply).

There are already modules which do this.  Gabor and I provided you with a
few references so that you won't have to waste your time.


More information about the development mailing list