Saturday, October 20, 2012

Drupal Extended Filtered HTML tags

In Drupal (no matter the version), content editing uses text filters to "sanitize" the output. A text format contains filters that change the user input, for example by stripping out malicious HTML or making URLs clickable. One of these filters is "Filtered HTML". For security reasons, enabling Full HTML is only an option for trusted users.

But the default set of allowed HTML tags for "Filtered HTML" is quite narrow. So, the first thing to do is to extend the list of allowed tags to:

<a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>

But remember, "Filtered HTML" not only strips disallowed tags, but also strips inline style definitions.
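
An added example (not from the original post or from Drupal): a small Python check that audits an allowed-tags value before it is saved, reporting malformed entries, duplicates such as `<br>` and `<br />`, and tags such as `<embed>` and `<object>` that load plugin or external content. The `REVIEW_TAGS` set, the function name and the sample value are assumptions made for this example.

```python
import re

# Assumption (editor's grouping, not a Drupal-defined list): tags that load
# plugin or external documents and should be reviewed before untrusted roles
# are allowed to use them.
REVIEW_TAGS = {"embed", "object", "iframe", "script", "applet"}

# A token is a complete <...> entry, a bare word, or a stray angle bracket.
TOKEN = re.compile(r"<[^<>]*>|[^\s<>]+|[<>]")
# A well-formed entry: <name> or <name />, nothing else inside the brackets.
TAG = re.compile(r"<\s*([A-Za-z][A-Za-z0-9]*)\s*/?\s*>")


def audit_allowed_tags(value):
    """Audit an allowed-tags string; return findings and a cleaned value."""
    tags, duplicates, malformed = [], [], []
    for token in TOKEN.findall(value):
        match = TAG.fullmatch(token)
        if match is None:
            malformed.append(token)      # stray "<", bare word, "<>", ...
            continue
        name = match.group(1).lower()
        if name in tags:
            if name not in duplicates:
                duplicates.append(name)  # <br> and <br /> name the same tag
        else:
            tags.append(name)
    return {
        "tags": tags,
        "duplicates": duplicates,
        "malformed": malformed,
        "review": [t for t in tags if t in REVIEW_TAGS],
        "cleaned": " ".join(f"<{t}>" for t in tags),
    }


# Constructed sample value with a stray "<" and a duplicate <br /> entry.
SAMPLE = "<a> <p> <br> <br /> <img> <<sub> <sup> <embed> <object> <pre>"

if __name__ == "__main__":
    report = audit_allowed_tags(SAMPLE)
    for key in ("duplicates", "malformed", "review", "cleaned"):
        print(f"{key}: {report[key]}")
```

Tags listed under `review` are worth granting only in a text format assigned to trusted roles, in the same way Full HTML is.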
