Download & Extend
Issues

Aggregator should support filter.module

Posted by Morbus Iff on December 8, 2004 at 6:36pm
Project:Drupal core
Version:8.x-dev
Component:aggregator.module
Category:feature request
Priority:normal
Assigned:Unassigned
Status:active

Issue Summary

The aggregator module in 4.5 and 4.5.1 hardcodes the default "Filtered HTML" filter, as opposed to hooking into the filter.module system itself. This can cause problems for a number of feeds (see http://drupal.org/node/13283 for an example), since [IMG] is not one of the allowed tags. It also greatly causes issues for users of Flickr (see http://flickr.com/forums/help/2943/ for a Drupal specific issue). If aggregator.module could hook into the default filter.module, users would be able to create a "Aggregator" filter which includes tags they'd like to see (like [IMG]). The first stage of the feature should be "support a single filter for all aggregated items" and the second stage should be "support a specific filter for a specific feed, with a default for all unspecified". The default, out of the box, behavior, should be to use the "Filtered HTML" filter.

Login or register to post comments

Comments

#1

Posted by Morbus Iff on December 8, 2004 at 6:37pm

#2

Posted by sillygwailo on February 14, 2005 at 7:29am

I agree that the aggregator should use Drupal's native input formats. In the meantime, though, attached is a patch that at least makes the list of HTML tags that the aggregator alllows configurable.

AttachmentSizeStatusTest resultOperations
aggregator.module_4.patch2.05 KBIgnored: Check issue status.NoneNone

#3

Posted by sillygwailo on March 22, 2005 at 7:18pm

Bump. My patch doesn't 'fix' the feature request, but I got some support from Karl Martino for adding an allowable elements setting for the aggregator module.

#4

Posted by ricabrantes on March 18, 2008 at 9:54am
Version:<none>» 7.x-dev
Status:active» closed (fixed)

bump..

#5

Posted by ricabrantes on March 18, 2008 at 11:13am
Status:closed (fixed)» active

#6

Posted by alex_b on August 4, 2008 at 3:14am

Aggregator's HTML filter is an input filter, while Drupal's input formats are actually output filters.

I was never really sure why aggregator had these input filters, so I'm not principally opposed to dropping them in favor of output filters. But are we missing a security related issue here?

#7

Posted by Morbus Iff on August 4, 2008 at 1:05pm

alex_b: I'm not sure I understand what you mean. Core's aggregator_filter_xss() is only used during a template's preprocess, which conceptually replicates the same functionality of Drupal's standard output filters. It'd only be a true input filter if the bad tags never makes it to the database in the first place - but that's not currently the case.

#8

Posted by alex_b on March 17, 2009 at 3:51am

#7 - Morbus, late reply: I misunderstood the patch above, aggregator_filter_xss() of course is an output filter.

#9

Posted by Jody Lynn on January 5, 2011 at 8:54pm
Version:7.x-dev» 8.x-dev