Differences

This shows you the differences between two versions of the page.

Link to this comparison view

glfusion:htmlfilter [2010/06/30 14:02] (current)
Mark created
Line 1: Line 1:
 +====== HTML Filtering ======
 +
 +glFusion utilizes the excellent tool [[http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php|htmLawed]], PHP code to purify & filter HTML.  htmLawed is used to filter, secure & sanitize HTML in comments, stories, or forum posts, generate XML-compatible feed items from web-page excerpts, convert HTML to XHTML, pretty-print HTML, scrape web-pages, reduce spam, remove XSS code, etc.
 +
 +By default, the glFusion HTML filter is configured to permit the following HTML elements:
 +
 +  a, abbr, acronym, address, applet, area, b, bdo, big, blockquote, br, button,
 +  caption, center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, 
 +  fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, img, input, ins, isindex, 
 +  kbd, label, legend, li, map, menu, noscript, ol, optgroup, option, p, param, 
 +  pre, q, rb, rbc, rp, rt, rtc, ruby, s, samp, select, small, span, strike, strong,
 +  sub, sup, table, tbody, td, textarea, tfoot, th, thead, tr, tt, u, ul, var
 +
 +There are only 2 configuration settings that control how the filter works:
 +
 +  * Skip HTML Filter for Root - Simply skips all filtering for root users
 +  * Allow Embed HTML Tag - Allow the embed / object tags which are used to embed videos such as YouTube into a web page.
 +
 +Generally, there is no need to customize the HTML filter as the standard settings are usually sufficient.  But, there are cases where a site admin may need or desire more control.  In this case, **glFusion v1.2.0.pl5** and above provides a hook into the filter configuration to allow you to set specific elements to include or exclude.
 +
 +
 +In the **siteconfig.php** file, you can specify overrides to the HTML filtering configuration.  There are two configuration options:
 +
 +  * $_SYSTEM['filterOverride'] - HTML filter configuration applied to **ALL** users.
 +  * $_SYSTEM['RootFilterOverride'] - HTML filter configuration applied only to **ROOT** users.
 +
 +While these hooks allow you to completely change any of the htmLawed configuration options, it is recommended that you only change the allowed HTML elements.
 +
 +To allow **Root** users to use the **iframe** element, you would do the following:
 +
 +  $_SYSTEM['RootFilterOverride'] = array('elements' => '*+iframe');
 +
 +This tells the HTML filter to use the existing set of elements (the *) and then the **+iframe** tells it to add iframe to the allowed list.
 +
 +Another example, if you wanted to remove the ability to use the HTML textarea element, you would do the following:
 +
 +  $_SYSTEM['filterOverride'] = array('elements' => '*-textarea');
 +
 +This tells the filter to use the existing set of elements (the *) and then remove the textarea element (-textarea).
 +
 +If you need additional help developing a custom set of elements, please post your questions in the [[http://www.glfusion.org/forum/index.php?forum=28|glFusion Support Forum]]
  
glfusion/htmlfilter.txt · Last modified: 2010/06/30 14:02 by Mark
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3