By schildi on

I still have the problem that e.g. a line containing CSS styles as

<p style="text-align: center;"><span style="font-size: medium;">Ausstellung "<strong>Die Odyssee der Gemälde aus Schloß Bensberg nach Bayern</strong>"</span></p>

the style="text-align" is removed when viewing.
I double checked that the line is stored correctly in the database. And in edit-mode (tinyMCE) the content is displayed also correctly.
But the after saving the node the browser gets as content 

<p><span>Ausstellung "<strong>Die Odyssee der Gemälde aus Schloß Bensberg nach Bayern</strong>"</span></p>

I don't have any idea and need some help.
Is this a common problem or some misconfiguration?

Categories: Drupal 5.x

Comments

zeta ζ’s picture

zeta ζ commented

I think your input format is doing this deliberately to prevent the display of malicious code.
___________________
It’s in the detaιls…

schildi’s picture

schildi commented

do I understand you right that you mean when viewing the content stored in the database (output!) some input filter is removing style="..." expression (NOT html tags)?

zeta ζ’s picture

zeta ζ commented

Input filters operate on content that has been input, but only when it is displayed. These filters can add to, as well as remove any part of, the output.
___________________
It’s in the detaιls…

schildi’s picture

schildi commented

where can I adjust the behavior of the filtering system?
Sorry if this is a stupid question. Your hint is to look for a "details" section?
Do you mean admin/settings/filters "Filtered html input format" -> configure?

I can't find a section for configuring CSS expressions.

zeta ζ’s picture

zeta ζ commented

You can do this, but I would not advise it on a site where users can contribute content.

There are two options;-

  • Create a new input filter format, that only you or users that you trust (not anonymous) can use. Do not include HTML Filter. Use that filter format for your content.
  • Use markup like <H4> if appropriate, or that only includes class="class", and style these tags with a new or existing css file.

I would prefer the latter in this case.
___________________
It’s in the detaιls…

schildi’s picture

schildi commented

Thanks for your answers! A couple of people (or more) seem to have this problem. And there is also some discussion about a new filtering system (see http://drupal.org/node/205160 ).

You like to advice me to use special CSS files to apply styles/classes to HTML tags (your "latter case")?
When a node is edited using tinyMCE the output for e.g. for centering is style="text-align: center;"
It looks that all CSS style tags are removed from output. But CSS class tags are not removed. I don't have a clue how to tell tinyMCE to use predefined classes in spite of styles. This should be an option to the tinyMCE Drupal module.
May be I have to create a new filter according to your first option.

zeta ζ’s picture

zeta ζ commented

tinyMCE does what it does: But that doesn’t mean that you should allow this by disabling or re-writing filters designed to protect your site. Think carefully about which users need to be able to centre text, and whether this is worth the risk of allowing them to do other, more malicious things.

Does tinyMCE not have an option to define a button, which surrounds selected text with a custom tag? eg. <div class="centre">...</div>.

Also consider adding eg. .node .content h4 {margin: 10px auto;} to your css, which would mean your users can’t just centre any old bit of text.
___________________
It’s in the detaιls…