[development] Full HTML output in profile fields of type textarea
Jon Antoine
antoinesolutions at gmail.com
Mon Sep 8 16:19:23 UTC 2008
Greg,
That was exactly what I needed. I was able to add a few tags to the
default role and revert the changes made to core. Thanks so much, and
also for the great links.
--
Cheers,
Jon Antoine
www.antoinesolutions.com
On Mon, Sep 8, 2008 at 8:03 AM, Greg Knaddison - GVS
<Greg at growingventuresolutions.com> wrote:
> On Sat, Sep 6, 2008 at 12:27 AM, Jon Antoine <antoinesolutions at gmail.com> wrote:
>> I am trying to create profile fields that allow full HTML output. I
>> have struggled with this for a long time and finally came up with a
>> solution I am not happy with. After tracking it down, I found on line
>> 560 in the profile.module file that the field value is being passed
>> through the check_markup function, which is filtering out a lot of the
>> HTML. I ended up replacing the check_markup call with a
>> filter_xss_admin call, but I hate that I had to modify core to
>> accomplish this. Can anyone suggest a better workaround to this
>> problem? I would greatly appreciate it.
>
> The call to check_markup without a specified filter (as it is in
> profile.module) will use whichever filter format is the default for
> the site. So, if you wish to change which tags are filtered or not
> you can modify your default input filter.
>
> I will caution you that bad configuration and improper use of input
> formats can lead to security holes. Two resources on the subject:
> http://drupal.org/node/224921 and
> http://heine.familiedeelstra.com/input-formats-beware
>
> Regards,
> Greg
>
> --
> Greg Knaddison
> Denver, CO | http://knaddison.com | 303-800-5623
> Growing Venture Solutions, LLC | http://growingventuresolutions.com
>