This shows you the differences between two versions of the page.
| — |
glfusion:htmlfilter [2010/06/30 14:02] (current) Mark created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== HTML Filtering ====== | ||
| + | |||
| + | glFusion utilizes the excellent tool [[http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php|htmLawed]], PHP code to purify & filter HTML. htmLawed is used to filter, secure & sanitize HTML in comments, stories, or forum posts, generate XML-compatible feed items from web-page excerpts, convert HTML to XHTML, pretty-print HTML, scrape web-pages, reduce spam, remove XSS code, etc. | ||
| + | |||
| + | By default, the glFusion HTML filter is configured to permit the following HTML elements: | ||
| + | |||
| + | a, abbr, acronym, address, applet, area, b, bdo, big, blockquote, br, button, | ||
| + | caption, center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, | ||
| + | fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, img, input, ins, isindex, | ||
| + | kbd, label, legend, li, map, menu, noscript, ol, optgroup, option, p, param, | ||
| + | pre, q, rb, rbc, rp, rt, rtc, ruby, s, samp, select, small, span, strike, strong, | ||
| + | sub, sup, table, tbody, td, textarea, tfoot, th, thead, tr, tt, u, ul, var | ||
| + | |||
| + | There are only 2 configuration settings that control how the filter works: | ||
| + | |||
| + | * Skip HTML Filter for Root - Simply skips all filtering for root users | ||
| + | * Allow Embed HTML Tag - Allow the embed / object tags which are used to embed videos such as YouTube into a web page. | ||
| + | |||
| + | Generally, there is no need to customize the HTML filter as the standard settings are usually sufficient. But, there are cases where a site admin may need or desire more control. In this case, **glFusion v1.2.0.pl5** and above provides a hook into the filter configuration to allow you to set specific elements to include or exclude. | ||
| + | |||
| + | |||
| + | In the **siteconfig.php** file, you can specify overrides to the HTML filtering configuration. There are two configuration options: | ||
| + | |||
| + | * $_SYSTEM['filterOverride'] - HTML filter configuration applied to **ALL** users. | ||
| + | * $_SYSTEM['RootFilterOverride'] - HTML filter configuration applied only to **ROOT** users. | ||
| + | |||
| + | While these hooks allow you to completely change any of the htmLawed configuration options, it is recommended that you only change the allowed HTML elements. | ||
| + | |||
| + | To allow **Root** users to use the **iframe** element, you would do the following: | ||
| + | |||
| + | $_SYSTEM['RootFilterOverride'] = array('elements' => '*+iframe'); | ||
| + | |||
| + | This tells the HTML filter to use the existing set of elements (the *) and then the **+iframe** tells it to add iframe to the allowed list. | ||
| + | |||
| + | Another example, if you wanted to remove the ability to use the HTML textarea element, you would do the following: | ||
| + | |||
| + | $_SYSTEM['filterOverride'] = array('elements' => '*-textarea'); | ||
| + | |||
| + | This tells the filter to use the existing set of elements (the *) and then remove the textarea element (-textarea). | ||
| + | |||
| + | If you need additional help developing a custom set of elements, please post your questions in the [[http://www.glfusion.org/forum/index.php?forum=28|glFusion Support Forum]] | ||
