[support] How to have format default to paragraph - tinyMCE
Heine Deelstra
hdeelstra at gmail.com
Tue Feb 20 16:42:48 UTC 2007
Victor Kane wrote:
> You must either change the default input filter to full html, or else
> edit the off-the-shelf default "filtered html" to include the basic tags
> users create with tinyMCE.
I sometimes wonder why we even bother doing <http://drupal.org/security>.
Unless you are the only user posting on the site, setting Full HTML as the
default input format is both 1) the easy way out and 2) insecure.
1. You can simply investigate which tags are needed and add those to the HTML
filter.
2. Insecure, because you allow all users to execute cross site scripting attacks.
Regards,
Heine
More information about the support
mailing list