[development] How to control HTML user input preserving the "style" attributes?

Leo Burd leob at media.mit.edu
Mon Oct 23 15:20:37 UTC 2006

Hello Moshe, thanks for your message.

I've already added a bunch of tags to the HTML filter, but the filter always 
removes the "style" attributes of those tags.  I believe filter.module does 
that for security reasons.  I'm just trying to figure out an alternative 
solution for that...



----- Original Message ----- 
From: "Moshe Weitzman" <weitzman at tejasa.com>
To: <development at drupal.org>
Sent: Monday, October 23, 2006 11:01 AM
Subject: Re: [development] How to control HTML user input preserving the 
"style" attributes?

> Leo Burd wrote:
>> Hello there,
>> I am creating an about_me.module to provide users with a customizable 
>> "about me" page.  That page is to be very simple: a title field and a 
>> textarea for users to write whatever they want.  Ideally, users should be 
>> able to customize their pages either by writing directly in HTML or by 
>> using TinyMCE.
>> The problem that I'm having is that the formatting added by TinyMCE 
>> (especially the "style" attributes) is being filtered out by 
>> filter.module. An alternative would be to not filter the HTML tags at 
>> all, but I'm afraid that would add potential risks to my website. Is 
>> there any solution for this problem? What would you recommend?
>> Thanks in advance,
>> Leo
> the tinymce docs recommend using full html input format. if you don't want 
> that, just add a whole bunch of tags to the allowed tags list for filtered 
> html input format.
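
Added example, not part of the thread and not Drupal's filter.module code: one way to keep "style" attributes without accepting arbitrary CSS is to allowlist properties and restrict values to plain tokens. The function and constant names are hypothetical, the property list is an assumption, and tag allowlisting is assumed to happen separately.

```php
<?php
// Added example; function and constant names are hypothetical, not Drupal API.
// CSS properties a profile page may set. Anything else is dropped.
const ABOUT_ME_STYLE_ALLOWED = [
  'color', 'background-color', 'font-weight', 'font-style',
  'font-size', 'text-align', 'text-decoration',
];

// Keep only allowlisted declarations whose values are plain tokens.
function about_me_filter_style(string $style): string {
  // Comments and backslash escapes can hide keywords from the checks
  // below, so a value containing either is rejected outright.
  if (strpos($style, '\\') !== false || strpos($style, '/*') !== false) {
    return '';
  }
  $kept = [];
  foreach (explode(';', $style) as $declaration) {
    $parts = explode(':', $declaration, 2);
    if (count($parts) !== 2) { continue; }
    $property = strtolower(trim($parts[0]));
    $value = trim($parts[1]);
    // Values: keywords, numbers with units, #hex colours. No parentheses
    // or colons, so url(), expression() and scheme names never pass.
    if (in_array($property, ABOUT_ME_STYLE_ALLOWED, true)
        && preg_match('/^[a-z0-9#%. -]{1,40}$/i', $value)) {
      $kept[] = "$property: $value";
    }
  }
  return implode('; ', $kept);
}

// Rewrite every style attribute in an HTML fragment. The DOM parser decodes
// entities first, so the checks see the value a browser would see.
function about_me_filter_html(string $html): string {
  $doc = new DOMDocument();
  @$doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
  foreach ((new DOMXPath($doc))->query('//*[@style]') as $el) {
    $el->setAttribute('style', about_me_filter_style($el->getAttribute('style')));
  }
  $out = '';
  foreach ($doc->getElementsByTagName('div')->item(0)->childNodes as $child) {
    $out .= $doc->saveHTML($child);
  }
  return $out;
}

// Constructed sample input.
echo about_me_filter_html('<p style="color: #c00; background: url(//x.example/a)">Hi</p>');
```

Markup that closes the wrapper element early is truncated rather than passed through, so malformed input loses content instead of bypassing the check.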
