Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Configuration
The Config. and Spec. form-fields in the htmLawed filter settings for a text/input format form specify the settings the htmLawed filter is to use for that format.
Config.
Config., optionally, is specified as a set of comma-separated array elements with keys and values in PHP syntax:
'key-1'=>'value-1', 'key-2'=>'value-2', ...
The value provided is used to generate an array which is passed to the htmLawed filter. It is therefore important to carefully enter values in the Config. form-fields.
The names of keys to use and their possible values and meanings are detailed in the htmLawed documentation. Note that htmLawed uses default values so that in the absence of a specified key, a default value is used for that key during the filtering process. Also, some keys such as safe change such default values of some of the keys.
The default value used by the htmLawed module is:
'safe'=>1, 'elements'=>'a, em, strong, cite, code, ol, ul, li, dl, dt, dd', 'deny_attribute'=>'id, style'
With safe set to 1, htmLawed considers CDATA sections and HTML comments as plain text, and disallows the applet, embed, iframe, object and script elements, and the 'on*' attributes like onclick. Note that because of the value specified for elements, only a, em, strong, cite, code, ol, ul, li, dl, dt, dd, br and p are allowed anyway, and that because of the deny_attribute value all id and style attributes are also denied. (In Drupal < 8, br and p tags are not permitted in the default setting.)
Here are some more examples of htmLawed settings.
If you want PHP code blocks (flanked by <?php and?>) to escape filtering, then add the key-value 'save_php' => 1 to Config..
To prevent HTML comment code, such as the one used for the Drupal teaser mark (<!--break-->), the key-value 'comment' => 2 should be added to Config..
Spec.
Spec. is used as the other, optional, parameter for the htmLawed filter. By default, the htmLawed module does not use a Spec. value, but an administrator can provide a value to not allow an otherwise legal attribute for an HTML element, or to restrict the attribute's values.
Spec. can be specified as a string of text. The string should not be quoted. E.g.,
i=-*; td, tr=class, -*; a=id(match="/[a-z][a-z\d.:\-`"]*/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt
Above means that htmLawed will permit no attribute in i, only class in td or tr, only id and href in a, and all but width and alt in img. Further, for a, the href value should be 34-100 characters long and the id value should start with an alphabet character (a-z) and be followed by at least another alphabet character or digit or hyphen or colon or period.
Please refer to the htmLawed documentation for more about Spec..
Help (or tip fields in Drupal 8)
This field is for instructions/tips that are visible to users submitting input text. Typically, it will indicate the HTML tags that are permitted.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
