I want to congratulate and thank those that worked to organize FL DrupalCamp this year. It was truly an outstanding job with great presentations all around. I really got a lot out of it.
I also wanted to correct something I mentioned during ultimike's presentation on "Imaging Workflows" before people go home and start banging their heads against a wall trying to figure it out.
I had said that I thought it was possible to add a whitelist of sorts for certain html attributes to pass input filters by adding to a $conf variable in settings.php. Upon looking back at one of my old settings.php files, I realized I was simply confusing what I remembered. What I said is only half true.
For those attributes that are already allowed to pass through the input filters, they have to survive filter_xss_bad_protocol. For instance, src="http://..." is allowed by default; src="mms://..." is filtered out. You can get attributes through that use unusual protocols by adding the PROTOCOL to the $conf variable:
//add MMS, RTSP, & SKYPE protocols to allowed list.
$conf = array(
'filter_allowed_protocols' => array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal', 'mms', 'rstp', 'skype'),
);Sorry for the confusion. I hope I didn't cause people to bang their heads against a wall too hard.
I'm already looking forward to next year's DrupalCamp!
Thanks all!