HomeBlogskendall.totten's Blog › Blog Post ›

<Span> the divide between Full and Filtered HTML

kendall.totten's picture
Submitted by kendall.totten on 12 July, 2010 - 13:57
in

When it came to WYSIWYG Editor Input Formats,  there was always a great divide between Filtered HTML and Full HTML. Full HTML is intended for admin use only because it allows any HTML tags and attributes to be used. The Filtered HTML format lets authenticated and/or anonymous users add content safely by limiting the allowed HTML tags that could potentially be harmful to the site, or to the design. 

But sooner or later, authenticated users may want to add just a little color to their text, or perhaps indent something. What then? Do you give them full, unabridged, wanton access to every style and tag imaginable and hope for the best? Or is there some middle ground?

Enter WYSIWYG Filter. This gem of a module allows you to specify which styles you'd like to give users access to, without opening the floodgates.
 

WYSIWYG Filter Module Admin Page


Here are some helpful installation tips:

  1. After enabling the WYSIWYG Filter module, head over to Site Configuration > Input Formats and click on Configure for the Full HTML type.
  2. Scroll down to Filters and uncheck all other HTML filters, except for WYSIWYG Filter.
  3. Click Save Configuration and then click on the Configure tab at the top.
  4. The WYSIWYG Filter allows you to specify which elements and attributes you'd like to allow. Here's my list:

    img[!src|width|height|alt|title|style|class], a[href|style|target|name|id], div[align], p[align|class|style], span[class|style],
    br, em, strong, cite, code, blockquote, ul, ol, li, dl, dt, dd, h1, h2, h3, h4, h5, h6, u, b, i

    Important note: If you are allowing style and class as attributes like I did, you will need to list allowed styles under Advanced Rules. Because you cannot begin a class with a wild card, if you want to allow all classes, you must list each letter followed by an asterisk, like so:

    a*, b*, c*, d*, e*, f*, g*, h*, i*, j*, k*, l*, m*, n*, o*, p*, q*, r*, s*, t*, u*, v*, w*, x*, y*, z*
     

  5. Under Style Properties, throw a party and check off whichever properties you'd like to allow users access to. It 's worth mentioning here that there's a Drupal module called Checkall that can help you check off lots of these boxes at once.
  6. There are additional settings you can adjust under Advanced Rules and Spam link deterrent settings. Your site's domain will be automatically added to the whitelist, but you'll probably need to add /* to allow internal links as well. 
     

Hopefully this will solve many of your input format woes, although you'll probably still get the occasional user who insists on being able to make their text 16pt, Comic Sans. Good luck.

Sources: WYSIWYG Tips And Tricks, WYSIWYG Filter Guide

Comments

Submitted by deko web tasarım (not verified) on 21 August, 2010 - 22:26.

thanks for sharing, nice article..

Deko Web Tasarim

Submitted by Masoud (not verified) on 26 November, 2010 - 05:55.

This was a great help.
Thank you

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Switchback Caravan logo

Caravan is a powerful and full-featured membership management system, designed specifically for membership- driven organizations.

Caravan Member Managment

Switchback Trailhead logo

Trailhead is a Drupal-based system, built with the features smaller businesses need, bundled together into a ready-to-launch package.

Trailhead CMS Packages

On the Trail Blog