[development] Full HTML output in profile fields of type textarea
Greg Knaddison - GVS
Greg at GrowingVentureSolutions.com
Mon Sep 8 15:03:16 UTC 2008
On Sat, Sep 6, 2008 at 12:27 AM, Jon Antoine <antoinesolutions at gmail.com> wrote:
> I am trying to create profile fields that allow full HTML output. I
> have struggled with this for a long time and finally came up with a
> solution I am not happy with. After tracking it down, I found on line
> 560 in the profile.module file that the field value is being passed
> through the check_markup function, which is filtering out a lot of the
> HTML. I ended up replacing the check_markup call with a
> filter_xss_admin call, but I hate that I had to modify core to
> accomplish this. Can anyone suggest a better workaround to this
> problem? I would greatly appreciate it.

The call to check_markup without a specified filter (as it is in
profile.module) will use whichever filter format is the default for
the site. So, if you wish to change which tags are filtered or not
you can modify your default input filter.

I will caution you that bad configuration and improper use of input
formats can lead to security holes. Two resources on the subject:
http://drupal.org/node/224921 and
http://heine.familiedeelstra.com/input-formats-beware

Regards,
Greg
--
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com