Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.From README.txt (caveats):
By default, Drupal uses the 'Filtered HTML' input format for adding
content to the site and this can create conflicts with TinyMCE. It's
best when using this editor to use an input format that has all
filters disabled. What I usually do is create an input format called
'Rich-text editing' and set that as the default format for roles which
use TinyMCE exclusively. [...]
I believe this unsound advice as this allows users to execute cross site scripting attacks. It is better to add desired tags (within reason) to the HTML filter.
Comments
Comment #1
heine commentedComment #2
mupsi