Aggregator should support filter.module
| Project: | Drupal |
| Version: | 7.x-dev |
| Component: | aggregator.module |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
The aggregator module in 4.5 and 4.5.1 hardcodes the default "Filtered HTML" filter, as opposed to hooking into the filter.module system itself. This can cause problems for a number of feeds (see http://drupal.org/node/13283 for an example), since [IMG] is not one of the allowed tags. It also greatly causes issues for users of Flickr (see http://flickr.com/forums/help/2943/ for a Drupal specific issue). If aggregator.module could hook into the default filter.module, users would be able to create a "Aggregator" filter which includes tags they'd like to see (like [IMG]). The first stage of the feature should be "support a single filter for all aggregated items" and the second stage should be "support a specific filter for a specific feed, with a default for all unspecified". The default, out of the box, behavior, should be to use the "Filtered HTML" filter.

#1
#2
I agree that the aggregator should use Drupal's native input formats. In the meantime, though, attached is a patch that at least makes the list of HTML tags that the aggregator alllows configurable.
#3
Bump. My patch doesn't 'fix' the feature request, but I got some support from Karl Martino for adding an allowable elements setting for the aggregator module.
#4
bump..
#5
#6
Aggregator's HTML filter is an input filter, while Drupal's input formats are actually output filters.
I was never really sure why aggregator had these input filters, so I'm not principally opposed to dropping them in favor of output filters. But are we missing a security related issue here?
#7
alex_b: I'm not sure I understand what you mean. Core's
aggregator_filter_xss()is only used during a template's preprocess, which conceptually replicates the same functionality of Drupal's standard output filters. It'd only be a true input filter if the bad tags never makes it to the database in the first place - but that's not currently the case.#8
#7 - Morbus, late reply: I misunderstood the patch above, aggregator_filter_xss() of course is an output filter.