I sat down and collected a list of how things are filtered in Drupal 7 core as of today. I grouped the table by the formatting used. Part of the wishlist for Drupal 7 is to make format support available for things like the site mission or footer message, as well as to clean up the filter usage of other texts. This table shows some anomalies, like the user signature changing input formats depending on comment formatting, or action descriptions not being escaped but filter_xss_admin()-ed. These probably need more discussion and insight. Check the table below.

| Input text type | Format used | Place stored | Note |
| --- | --- | --- | --- |
| block body | selector | boxes/body and format | |
| comment body | selector | comments/comment and format | |
| node body | selector | node/body and format | |
| node teaser | selector (shared with body) | node/teaser and format | |
| textarea type profile fields | always default input format | profile_values/value | |
| user signatures | selector (same as comment body format) | user/signature and comment/format | tied to comment body, which has varied format |
| action descriptions | filter_xss_admin | actions/description | varchar! |
| site offline message | filter_xss_admin | variable | |
| form.inc required field title | filter_xss_admin | php code by default | why? |
| site mission | filter_xss_admin | variable | |
| footer message | filter_xss_admin | variable | |
| contact form help | filter_xss_admin | variable | |
| forum description | filter_xss_admin | term_data/description | |
| node type description | filter_xss_admin | node_type/description | |
| node type help | filter_xss_admin | node_type/help | |
| term description | filter_xss_admin | term_data/description | |
| user registration help | filter_xss_admin | variable | |
| node revision logs | filter_xss | node_revisions/log | |
| node title, body, teaser (when user message action is invoked) | filter_xss | node table | why? |
| aggregator item description | aggregator_filter_xss | aggregator_feed/description | |
| aggregator feed description | aggregator_filter_xss | aggregator_item/description | |