The aggregator module in 4.5 and 4.5.1 hardcodes the default "Filtered HTML" filter, as opposed to hooking into the filter.module system itself. This can cause problems for a number of feeds (see http://drupal.org/node/13283 for an example), since [IMG] is not one of the allowed tags. It also greatly causes issues for users of Flickr (see http://flickr.com/forums/help/2943/ for a Drupal specific issue). If aggregator.module could hook into the default filter.module, users would be able to create a "Aggregator" filter which includes tags they'd like to see (like [IMG]). The first stage of the feature should be "support a single filter for all aggregated items" and the second stage should be "support a specific filter for a specific feed, with a default for all unspecified". The default, out of the box, behavior, should be to use the "Filtered HTML" filter.

CommentFileSizeAuthor
#2 aggregator.module_4.patch2.05 KBsillygwailo

Comments

morbus iff’s picture

morbus iff
they/them
commented
sillygwailo’s picture

sillygwailo
Location Toronto, ON
commented
StatusFileSize
new aggregator.module_4.patch2.05 KB

I agree that the aggregator should use Drupal's native input formats. In the meantime, though, attached is a patch that at least makes the list of HTML tags that the aggregator alllows configurable.

sillygwailo’s picture

sillygwailo
Location Toronto, ON
commented

Bump. My patch doesn't 'fix' the feature request, but I got some support from Karl Martino for adding an allowable elements setting for the aggregator module.

ricabrantes’s picture

ricabrantes commented
Version: » 7.x-dev
Status: Active » Closed (fixed)

bump..

ricabrantes’s picture

ricabrantes commented
Status: Closed (fixed) » Active
alex_b’s picture

alex_b commented

Aggregator's HTML filter is an input filter, while Drupal's input formats are actually output filters.

I was never really sure why aggregator had these input filters, so I'm not principally opposed to dropping them in favor of output filters. But are we missing a security related issue here?

morbus iff’s picture

morbus iff
they/them
commented

alex_b: I'm not sure I understand what you mean. Core's aggregator_filter_xss() is only used during a template's preprocess, which conceptually replicates the same functionality of Drupal's standard output filters. It'd only be a true input filter if the bad tags never makes it to the database in the first place - but that's not currently the case.

alex_b’s picture

alex_b commented

#7 - Morbus, late reply: I misunderstood the patch above, aggregator_filter_xss() of course is an output filter.

jody lynn’s picture

jody lynn
she/her
Primary language English
commented
Version: 7.x-dev » 8.x-dev
jhedstrom’s picture

jhedstrom
Primary language English
Location Portland, OR
commented
Version: 8.0.x-dev » 8.1.x-dev
Issue summary: View changes

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.0-beta1 was released on March 2, 2016, which means new developments and disruptive changes should now be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.0-beta1 was released on August 3, 2016, which means new developments and disruptive changes should now be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.0-alpha1 will be released the week of January 30, 2017, which means new developments and disruptive changes should now be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

quietone’s picture

quietone commented
Project: Drupal core » Aggregator
Version: 9.4.x-dev » 1.x-dev
Component: aggregator.module » Code

The aggregator module has been removed from Core in 10.0.x-dev and now lives on as a contrib module. Issues in the Core queue about the aggregator module, like this one, have been moved to the contrib module queue.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
Status: Active » Closed (duplicate)

Going to close this in favour of #2552495: Refactor aggregator to use processed_text