I am using the wysiwyg (API) module with TinyMCE. I've got basic buttons:
bold, italic, underline, strike, align left/center/right, bullet/numbered lists, super/sub script, links, images, tidy code.
To insert images I'm using the TinyMCE image button, and the cck imagefield. In both cases, if the image is resized, then the 'image resize filter' will kick in.
I'm going to be inserting video using the cck 'video upload' module and might also install the cck 'Embedded Media Field' module too.
Now, all this is ok for admins if we simply use the 'html full' filter (ie. no core html filter).
But we want auth users to also be able to use SOME of this stuff, which simply won't work with the core html filter.
I'm looking at three 3rd party filters at the moment:
· HTML Purifier
· htmLawed
· wysiwyg_filter
Has anyone tried all three?
HTML Purifier looks to be the 'best' (ie. safest, most flexible), but also seems to be large, complex and resource hungry?
Any opinions or advice?
Cheers.
Comments
A simpler route is to just
A simpler route is to just add the tags you want them to use to the Filtered HTML filter (or whatever filter the authenticated users use).
---
"Nice to meet you Rose...run for your life." - The Doctor
My first public Drupal site - EyeOnThe503
WYSIWYG Filter
you might be looking for http://drupal.org/project/wysiwyg_filter
less == more
Yep, that one was on my
Yep, that one was on my short-list, and does seem simpler & smaller than html purifier.
However, html purifier is way, way more popular than either wysiwyg filter or htmLawed, even
though it is the largest/slowest.
That's why I'm interested to hear from experienced people who have tried all of them.
In the meantime, I have installed html purifier.
Cheers.
Everything I say is opinion, even if interpreted as fact.
Sometimes I may be inaccurate or *GASP* wrong!
Sometimes I attack Drupal due to frustration. Get over it.
htmLawed is much leaner and
htmLawed is much leaner and faster than HTMLPurifier; it also lets you choose any HTML element/attribute you wish to allow (such as CDATA sections and 'script'). The Drupal htmLawed filter module, which I maintain, also allows for specific HTML filtering rules for different node types, comments, feed items, etc.
The thing that put me off
The thing that put me off htmLawed was that it looked like I had to write the rules myself from scratch. I don't want to have to learn how to do that; not just learning the syntax, but learning to weigh the benefits and the risks of each entry.
html purifier seems to work out of the box without me doing anything.
Any comment?
Everything I say is opinion, even if interpreted as fact.
Sometimes I may be inaccurate or *GASP* wrong!
Sometimes I attack Drupal due to frustration. Get over it.
The htmLawed module is meant
The htmLawed module is meant to work out of the box. It pre-fills the filter settings so the admin does not have to specify anything. The default settings that are used match Drupal's in-built HTML filter's settings (e.g., 'a' and 'em' are permitted but 'script' is not). Even otherwise, to modify the settings, one just has to change the list of the permitted tags in the module's configuration form fields.
Using htmLawed itself (the PHP script, directly, and not through the Drupal module) is a different issue (which you don't have to deal with when using the module). Then you need to understand what the configuration parameters stand for (but only if you want to customize htmLawed).
Thanks for your reply. Still
Thanks for your reply.
Still not sure which to use.
I guess I'll go with the majority for the moment, until I have time to research this properly.
Everything I say is opinion, even if interpreted as fact.
Sometimes I may be inaccurate or *GASP* wrong!
Sometimes I attack Drupal due to frustration. Get over it.