Posted by joyseeker on June 25, 2010 at 8:30pm
I have wysiwyg and CKEditor and added the wysiwyg filter. When I use the font-size and font-family buttons in CKEditor, the formatting shows correctly in the creation, but not in the display, so it seems the HTML tags are being stripped.
Rich text from the text box shows the following tags being used:
Testing 2 more testing
P, span and strong are all in the default listing of allowing tags in wysiwyg. I added span[style<font-size?font-family], to the "HTML elements and attributes: " section. The font tags are also checked in the "Style Properties" wysiwyg area.
The tags are still being stripped in the display.
My guess is there's a setting I haven't checked. Any suggestions why the tags are being stripped?
Comments
WYSIWYG editor is stripping tags -- taking out actual tags
[If only I could think like Drupal does -- in my first post I put actual tags and of course they were stripped here -- so I put "--" now in my example. Sorry.)
I have wysiwyg and CKEditor and added the wysiwyg filter. When I use the font-size and font-family buttons in CKEditor, the formatting shows correctly in the creation, but not in the display, so it seems the HTML tags are being stripped.
Rich text from the text box shows the following tags being used: --p-- --span style="font-size: 20px;"><span style="font-family: comic sans ms,cursive;"-- --strong--Testing 2 more testing--/strong-- --/span-- --/span-- --/p--
P, span and strong are all in the default listing of allowing tags in wysiwyg. I added span[style<font-size?font-family], to the "HTML elements and attributes: " section. The font tags are also checked in the "Style Properties" wysiwyg area.
The tags are still being stripped in the display.
My guess is there's a setting I haven't checked. Any suggestions why the tags are being stripped?
I don't believe the core HTML
I don't believe the core HTML filter can whitelist "style". You'll need a replacement for the core HTML filter that comes with Drupal.
There's a discussion at http://drupal.org/node/454408 about the http://drupal.org/project/wysiwyg_filter module which is one alternative.
I tried the http://drupal.org/project/htmlpurifier module and library and found it to be a bit heavy and complicated.
I am now using http://drupal.org/project/htmLawed and I find it to be a nice balance. It's powerful and configurable, but not too complicated if you just want to allow a few WYSIWYG friendly tags while filtering all the harmful stuff by default.
As brianmercer already
As brianmercer already pointed out this is to be related to input filters. If you want to better understand how Drupal works, just remember that the input that the editor displays is send to Drupal and Drupal will filter it based on it's own filter configuration. For example if only some HTML tags with some attributes are allowed and the font tag and the style attribute for example not, then it gets filtered out. But only then.
So it's your configuration which can make the difference. You can for example create / use the "Full HTML" filter (I dunno if this is a preset it only contains HTML corrector and URL-Filter here) it works pretty well together with any wysiwyg component I used so far.
If in doubt, create a filter which does not filter anything ("AS-IS HTML") and then you're open to any kind of injection but that means that those user allowed to use that filter can create any kind of HTML with any kind of editor as well. Give it to trusted users only.