Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9adc940a67
Branches Tags
materio-base...
/
sites
/
all
/
modules
/
contrib
/
editor
/
wysiwyg_filter
/
README.txt

README.txt 3.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    2. 

  2. ;; WYSIWYG Filter module for Drupal
    3. 

  3. ;;
    4. 

  4. ;; Original author: markus_petrux at drupal.org (October 2008)
    5. 

  5. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    6. 

  6. 

  7. OVERVIEW
    8. 

  8. ========
    9. 

  9. 

  10. The WYSIWYG Filter module provides an input filter that allows site
    11. 

  11. administrators configure which HTML elements, attributes and style properties
    12. 

  12. are allowed. It also may add rel="nofollow" to posted links based on filter
    13. 

  13. options. It can do so with no additional parsing on user input. That is, it may
    14. 

  14. apply nofollow rules while parsing HTML elements and attributes.
    15. 

  15. 

  16. The filter is based on whitelists that can be defined from the filter settings
    17. 

  17. panel. Rules for HTML element and attributes are defined using the same syntax
    18. 

  18. of the TinyMCE valid_elements option.
    19. 

  19. 

  20. The following elements cannot be whitelisted due to security reasons, to
    21. 

  21. prevent users from breaking site layout and/or to avoid posting invalid HTML.
    22. 

  22. Forbidden elements: applet, area, base, basefont, body, button, embed, form,
    23. 

  23. frame, frameset, head, html, iframe, input, isindex, label, link, map, meta,
    24. 

  24. noframes, noscript, object, optgroup, option, param, script, select, style,
    25. 

  25. textarea, title.
    26. 

  26. 

  27. The section used to whitelist style properties is pretty simple. You just check
    28. 

  28. the properties you need from a list where almost all style properties are
    29. 

  29. organized into logical groups (Color and Background properties, Font, Text,
    30. 

  30. Box, Table, List, ...). The WYSIWYG Filter will strip out style properties not
    31. 

  31. explicitly enabled. On the other hand, for allowed style properties the WYSIWYG
    32. 

  32. Filter will check their values for strict CSS syntax (based on regular
    33. 

  33. expressions) and strip out those that do not match. Additional matching rules
    34. 

  34. are explicitly required for properties that may contain URLs in their values
    35. 

  35. ("background", "background-image", "list-style" and "list-style-image"). If
    36. 

  36. rules don't match, these style properties will be ignored from user input.
    37. 

  37. 

  38. When the "id" and "class" attributes have been whitelisted, it is also required
    39. 

  39. to specify explicit rules that will be used to validate user input, and again,
    40. 

  40. those that don't match will be stripped out.
    41. 

  41. 

  42. As a measure to reduce the effectiveness of spam links, it is often recommended
    43. 

  43. to add rel="nofollow" to posted links leading to external sites. The WYSIWYG
    44. 

  44. Filter can easily do this for you while HTML is being processed with almost no
    45. 

  45. additional performance impact. There is a section in the filter settings panel
    46. 

  46. where a white/back list policy can be defined per domain name (the host part in
    47. 

  47. the URLs).
    48. 

  48. 

  49. 

  50. INSTALLATION
    51. 

  51. ============
    52. 

  52. 

  53. For module installation instructions please see:
    54. 

  54. http://drupal.org/documentation/install/modules-themes/modules-7
    55. 

  55. 

  56. 

  57. CONFIGURATION
    58. 

  58. =============
    59. 

  59. 

  60. After installation you can configure the WYWIWYG filter:
    61. 

  61. 

  62. 1) On your site visit Admin > Configuration > Text formats (under 'Content
    63. 

  63.    authoring'): admin/config/content/formats
    64. 

  64. 

  65. 2) Add a new text format, or configure the existing text format that you would
    66. 

  66.    like to apply the WYSIWYG filter to.
    67. 

  67. 

  68. 3) Tick the 'WYSIWYG filter' option under 'Enabled filters'.
    69. 

  69. 

  70. 4) Configure the WYSIWYG filter options to suit your needs under the 'Filter
    71. 

  71.    settings' heading and save when done.
    72. 

  72. 

  73. Note: Be aware of the 'Filter processing order'. WYSIWYG Filter should normally
    74. 

  74. be arranged above the 'HTML Corrector' if it is being used.
    75. 

  75. 

  76. 

  77. SECURITY ISSUES
    78. 

  78. ===============
    79. 

  79. 

  80. - To report security issues, do not use the issue tracker of the module.
    81. 

  81.   Instead, please contact the Drupal Security Team or the WYSIWYG Filter
    82. 

  82.   module developer (preferred).
    83. 

  83. 

  84. - To contact the WYSIWYG Filter module developer:
    85. 

  85.   http://drupal.org/user/39593
    86. 

  86.   http://drupal.org/user/39593/contact
    87. 

  87. 

  88. - To contact the Drupal Security Team:
    89. 

  89.   http://drupal.org/security-team
    90. 

  90. 

  91. - For any other kind of issue (support or feature requests, bug reports,
    92. 

  92.   translations, etc.), please, use the issue tracker of the module:
    93. 

  93.   http://drupal.org/project/issues/wysiwyg_filter
    94.