I use FCKeditor to create content

I was told on IRC not to use the full HTML but only filtered HTML

1- Why is it so (if this is really the case)?
2- When I put underline or pictures with filtered HTML they don't appear. How do I overcome it?

thanks

Comments

HedgeMage’s picture

1) Using full HTML is dangerous because users can include all sorts of things on your website without your knowledge, some of which pose security risks.

2) The default settings for filtered HTML do not allow <u> or <img> tags. You can go to http://www.example.com/admin/settings/filters/1 (or http://www.example.com/?q=admin/settings/filters/1 if you don't have clean URLs), where www.example.com is the Drupal site in question, to change what is or isn't allowed.

sneakyimp’s picture

If you go to http://www.example.com/admin/settings/filters/1, you can merely turn on or off one of the 4 filters in its entirety. It doesn't permit you to add a U tag. How does one alter the allowed HTML tags?

Juc1’s picture

sneakyimp’s picture

Thanks Juc1.

I managed to find that on my own. It's really kind of a bummer that this forum won't send you email when your topic is updated.

Rep++

sneakyimp’s picture

So the answers then:
1) It probably depends on how many people have posting privileges on your site. If it's many people, then your site might be abused by folks posting script exploits or XSS attacks.
2) "Filtered HTML" takes tags out of your HTML -- like image tags. If you look at the link Juc1 posted, you'll see a tip.