The Sanitize module allows administrators to configure a text format to be applied to formatted text before storage. This is useful to ensure clean and valid data in the database.

Configuring the sanitizable module

  1. Create/determine a text format to be used as a sanitizer before storage. Best practice is to create one or more separate text formats (named something like "Sanitized") that no user has access to.
  2. Add filters to the newly created text format.

    Sanitizing text before it is stored in the database is useful when done properly, but make sure the sanitize text format won't conflict with the text formats you want sanitized before storage. Best practice is for the sanitize text format to contain only filters that correct invalid data (like the HTML corrector), remove obsolete data (like markup from word processors such as OpenOffice and Microsoft Word) or remove data that is never going to be allowed.

    Useful filters are the core filters "Correct faulty and chopped off HTML" and "Limit allowed HTML tags", or filters from contributed modules like HTML Purifier and htmLawed.

  3. Next, add the sanitizable filter to the text formats you want to be sanitized before storage, and select the newly created sanitizer text format on their configuration pages.

Drawback considerations

Take careful note that this module will alter user input. Drupal's filter system normally filters content only when it is viewed. The main reason for this behavior is that user input stays intact at all times. For example, user input that was disallowed at first but is later allowed will still be available.

While this definitely has its advantages, there are also good reasons to filter user input before it is stored in the database: correcting faulty and chopped-off HTML, for one, or removing obsolete XML tags added when text is copied and pasted from word processors like OpenOffice and Microsoft Word. In most cases there is little reason to store such data in the database.

So before you start using or configuring this module, make sure the data you now want to be removed from user input will never be needed in the future.
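
The trade-off described above, and the conflict warned about in step 2, shown as an added example (not code from the Sanitize module or from Drupal). The tag limiter is a simplified stand-in for the "Limit allowed HTML tags" and HTML corrector filters; the tag sets, variable names and the sample input are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img"}               # elements that never get a closing tag

class _TagLimiter(HTMLParser):
    """Simplified stand-in for 'Limit allowed HTML tags' plus the HTML corrector."""
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.stack = set(allowed), [], []

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed:          # attributes are dropped in this sketch
            self.out.append(f"<{tag}>")
            if tag not in VOID:
                self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:            # close anything left open inside it first
            while self.stack:
                inner = self.stack.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_html(text, allowed):
    parser = _TagLimiter(allowed)
    parser.feed(text)
    parser.close()
    while parser.stack:                  # repair chopped-off markup
        parser.out.append(f"</{parser.stack.pop()}>")
    return "".join(parser.out)

# Constructed sample: markup pasted from a word processor, with an unclosed <b>.
RAW = ('<p class="MsoNormal" style="mso-margin-top-alt:auto">Quarterly '
       '<b>report<o:p></o:p></p><span lang="EN-US"> draft</span>')

SANITIZER_TAGS = {"p", "b"}              # hypothetical "Sanitized" format
VIEW_TAGS_NOW = {"p", "b"}               # display format today
VIEW_TAGS_LATER = {"p", "b", "span"}     # display format after <span> is allowed

stored_raw = RAW                                      # core behaviour: store as typed
stored_sanitized = filter_html(RAW, SANITIZER_TAGS)   # store-time sanitizing

if __name__ == "__main__":
    for label, tags in (("today", VIEW_TAGS_NOW), ("later", VIEW_TAGS_LATER)):
        print(label, "raw store:      ", filter_html(stored_raw, tags))
        print(label, "sanitized store:", filter_html(stored_sanitized, tags))
```

Both stores render identically today, but once the display format allows `<span>`, only the raw store can show it: the sanitized store lost that markup at save time.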
