Many areas in glFusion allow users to enter data, in many cases HTML-formatted input. Allowing user-submitted HTML can cause security problems if it is not properly managed. As a result, glFusion uses HTML Purifier to filter user-submitted content. HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) using a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant.
The key concept here is that HTML Purifier, thus glFusion, uses a whitelist of allowed HTML. It is always safer to state what is allowed than it is to try and determine what is not allowed.
Because of the whitelist approach, we have to configure glFusion to allow certain HTML tags in order for everything to work properly. To provide as much flexibility as possible, glFusion breaks the filtering up into categories of users / content:
- Default set of allowed HTML
  - This is the HTML we allow anywhere. It is the base set of tags that all inputs allow.
- HTML allowed in comments
  - In addition to the default set, this is the HTML that is allowed in comments.
- HTML allowed in stories
  - In addition to the default set, this is the HTML that is allowed in stories, including story submissions and Admin-entered stories.
- Additional HTML allowed for Root users
  - Finally, if you are a Root user, this is the HTML that you can use in addition to the default set and the comment or story HTML above.
You might wonder why we would filter HTML for Root users, since they should be able to enter whatever they want. One of the key benefits of HTML Purifier is that it fixes bad HTML, making it standards compliant, which is important for our users and for search engines. There is an option to skip the HTML filter for Root users, but it is recommended that you not do this.
The default whitelists for each area are:
HTML allowed in comments
HTML allowed in stories
HTML allowed for Root
As you can see, we have a pretty large whitelist for stories. This is because we need a lot of flexibility and control over the story layout / content and do not want to restrict the user too much.
Let's look at an example of one of the whitelist entries to understand how they work:
This will whitelist the <img> tag, but it also whitelists several attributes that can appear on an <img> tag. We would allow the following attributes on the image tag:
| Attribute | Description |
| style | The style="" attribute |
| align | align="left" or align="right" |
There are several other attributes that could be used on an <img> tag, but we do not allow them. For example, if a user entered:
<img src="http://www.glfusion.org/image/logo.png" border="5">
HTML Purifier would apply our whitelist above and output the following:
Notice that the border="5" attribute was removed because it is not in our whitelist.
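The following is an added example, not glFusion's own code, showing how HTML Purifier's whitelist produces the behaviour described above: the filter is built from a default set plus a per-area set (comments or stories) plus Root-only extras, and any attribute not listed, such as border on <img>, is dropped. The tag lists, the buildPurifier() function and the context names 'comment' and 'story' are constructed for illustration and are not glFusion's actual configuration values; the example assumes HTML Purifier is installed through Composer as ezyang/htmlpurifier.

```php
<?php
// Added example (not glFusion's own code). The whitelists below are
// hypothetical and use HTML Purifier's HTML.Allowed syntax: tag[attr|attr],tag,...
// Assumes HTML Purifier was installed with: composer require ezyang/htmlpurifier
require_once __DIR__ . '/vendor/autoload.php';

// Constructed whitelists, one per glFusion content area (NOT the real defaults).
const HTML_ALLOWED_DEFAULT  = 'p,br,b,i,em,strong,a[href|title]';
const HTML_ALLOWED_COMMENTS = 'blockquote,code,pre';
const HTML_ALLOWED_STORIES  = 'img[src|alt|style|align],ul,ol,li,h2,h3';
const HTML_ALLOWED_ROOT     = 'div[class|style],span[class|style]';

/**
 * Build a purifier for a content area ('comment' or 'story'; anything else
 * gets only the default set). Root-only tags are appended when $isRoot is true.
 */
function buildPurifier(string $context, bool $isRoot): HTMLPurifier
{
    $allowed = HTML_ALLOWED_DEFAULT;
    if ($context === 'comment') {
        $allowed .= ',' . HTML_ALLOWED_COMMENTS;
    } elseif ($context === 'story') {
        $allowed .= ',' . HTML_ALLOWED_STORIES;
    }
    if ($isRoot) {
        $allowed .= ',' . HTML_ALLOWED_ROOT;
    }

    $config = HTMLPurifier_Config::createDefault();
    // Disable the on-disk definition cache so the example runs from any directory.
    $config->set('Cache.DefinitionImpl', null);
    // Whitelist semantics: tags not listed are removed (their text content is
    // kept), and attributes not listed for a tag are dropped.
    $config->set('HTML.Allowed', $allowed);
    return new HTMLPurifier($config);
}

// Constructed sample input: the <img> carries a border attribute that is not
// in the story whitelist, and a <script> element that no area ever allows.
$dirty = '<p>Hello</p>'
       . '<img src="http://www.glfusion.org/image/logo.png" border="5">'
       . '<script>alert(1)</script>';

// In a story the <img> survives but border="5" is stripped.
echo "Story (regular user):\n";
echo buildPurifier('story', false)->purify($dirty) . "\n\n";

// In a comment <img> is not whitelisted at all, so the whole tag disappears.
echo "Comment (regular user):\n";
echo buildPurifier('comment', false)->purify($dirty) . "\n\n";

// A Root user posting a story additionally gets the Root-only tags.
echo "Story (Root user):\n";
echo buildPurifier('story', true)->purify($dirty . '<div class="box">Root only</div>') . "\n";
```

Run it with php on the command line and compare the three outputs: the same input yields different HTML depending on which whitelist applies, and the <script> element is removed in every case because it is never on any list. Note that HTML Purifier also repairs the markup while filtering (for instance, it requires an alt attribute on <img> and supplies one if missing), which is the standards-compliance benefit mentioned above.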
If you need additional help developing a custom set of elements, please post your questions in the glFusion Support Forum.