Aggregator should support filter.module

Morbus Iff - December 8, 2004 - 18:36
Project: Drupal
Version: 7.x-dev
Component: aggregator.module
Category: feature request
Priority: normal
Assigned: Unassigned
Status: active
Description

The aggregator module in 4.5 and 4.5.1 hardcodes the default "Filtered HTML" filter, as opposed to hooking into the filter.module system itself. This can cause problems for a number of feeds (see http://drupal.org/node/13283 for an example), since [IMG] is not one of the allowed tags. It also greatly causes issues for users of Flickr (see http://flickr.com/forums/help/2943/ for a Drupal-specific issue). If aggregator.module could hook into the default filter.module, users would be able to create an "Aggregator" filter which includes tags they'd like to see (like [IMG]). The first stage of the feature should be "support a single filter for all aggregated items" and the second stage should be "support a specific filter for a specific feed, with a default for all unspecified". The default, out-of-the-box behavior should be to use the "Filtered HTML" filter.

#1

Morbus Iff - December 8, 2004 - 18:37

#2

Richard Eriksson - February 14, 2005 - 07:29

I agree that the aggregator should use Drupal's native input formats. In the meantime, though, attached is a patch that at least makes the list of HTML tags that the aggregator allows configurable.

Attachment: aggregator.module_4.patch
Size: 2.05 KB

#3

Richard Eriksson - March 22, 2005 - 19:18

Bump. My patch doesn't 'fix' the feature request, but I got some support from Karl Martino for adding an allowable elements setting for the aggregator module.

#4

ricabrantes - March 18, 2008 - 09:54
Version: <none> » 7.x-dev
Status: active » closed

bump..

#5

ricabrantes - March 18, 2008 - 11:13
Status: closed » active

#6

alex_b - August 4, 2008 - 03:14

Aggregator's HTML filter is an input filter, while Drupal's input formats are actually output filters.

I was never really sure why aggregator had these input filters, so I'm not principally opposed to dropping them in favor of output filters. But are we missing a security related issue here?

#7

Morbus Iff - August 4, 2008 - 13:05

alex_b: I'm not sure I understand what you mean. Core's aggregator_filter_xss() is only used during a template's preprocess, which conceptually replicates the same functionality of Drupal's standard output filters. It'd only be a true input filter if the bad tags never make it to the database in the first place - but that's not currently the case.

#8

alex_b - March 17, 2009 - 03:51

#7 - Morbus, late reply: I misunderstood the patch above, aggregator_filter_xss() of course is an output filter.

 
 
