Safe HTML
---------

Description
-----------

Safe HTML is a module that filters the input before the content is stored in
the database. Unlike Drupal's basic filtering system, which applies its filters
when content is rendered, Safe HTML filters the form post and performs code
cleaning before the content is stored on the site backend. Because cleaning
happens at submission time, content that was already in the database when the
filter was enabled is not cleaned retroactively.

Safe HTML must be enabled in the Input formats section as a filter for the
desired input format. Safe HTML cannot be used in conjunction with the PHP
Parser filter, because Safe HTML strips any PHP code. Safe HTML can be used
together with HTML Filter in order to limit HTML tags to an allowed list.

Administrators and allowed users can define custom PHP code to perform
additional tasks on the form input. The site administrator can define what
kind of custom transformation may occur on the form content. These
transformations must be applied to a variable named $html. Note that this is
arbitrary PHP executed by the web server: grant the right to define it only to
users you would trust with full control of the site.

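The following is an added example of a transformation as it might be entered at
admin/content/safehtml; it is not code shipped with the module. It assumes, as
the wording above implies, that the snippet runs with the submitted text already
in $html and that whatever is left in $html is what gets stored. Whether an
opening <?php tag is required depends on how the module evaluates the snippet,
so none is shown, and the hostname is a placeholder. The sample markup at the
top is constructed so the snippet can be run on its own.

```php
// Added illustration, not Safe HTML module code. Assumed: $html holds the
// submitted text and the value left in $html is stored (README wording).
$site_host = 'example.org';   // placeholder for this site's hostname

// Constructed sample so the snippet runs stand-alone; inside the module
// $html is already populated and this block does nothing.
$standalone = !isset($html);
if ($standalone) {
  $html = '<p>See <a href="http://example.com/a">there</a>, '
        . '<a href="/local">here</a> and '
        . '<a href="http://example.org/b" rel="me">me</a>.</p>';
}

// Every off-site link gets rel="nofollow". Tags that already carry rel,
// tags without href, relative links and links back to this site are left
// untouched so nothing is duplicated or broken.
if (preg_match_all('/<a\b[^>]*>/i', $html, $matches)) {
  foreach (array_unique($matches[0]) as $tag) {
    if (preg_match('/\srel\s*=/i', $tag)) {
      continue;
    }
    if (!preg_match('/\shref\s*=\s*(["\']?)([^"\'\s>]*)\1/i', $tag, $h)) {
      continue;
    }
    // parse_url() yields no host for relative links and for pseudo-schemes
    // such as javascript:, which Safe HTML removes anyway.
    $host = parse_url($h[2], PHP_URL_HOST);
    if (empty($host) || strcasecmp($host, $site_host) == 0) {
      continue;
    }
    $html = str_replace($tag, substr($tag, 0, -1) . ' rel="nofollow">', $html);
  }
}

if ($standalone) {
  echo $html, "\n";
}
```

The snippet edits whole anchor tags rather than the document text, so it cannot
accidentally rewrite an href that appears in visible text, and it keeps the
submitted attribute quoting as it was.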
| 21 |
The module is based on SafeHTML, http://pixel-apes.com/safehtml a
|
| 22 |
project leaded by Roman Ivanov. This module strips down all potentially
|
| 23 |
dangerous content within HTML:
|
| 24 |
|
| 25 |
* opening tag without its closing tag
|
| 26 |
* closing tag without its opening tag;
|
| 27 |
* resolving cases like <p><em>abc</p></em>;
|
| 28 |
* strip any of these tags: "base", "basefont", "head", "html", "body", "applet",
|
| 29 |
"object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed",
|
| 30 |
"bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
|
| 31 |
* any of these attributes: on*, data*, dynsrc
|
| 32 |
* javascript:/vbscript:/about: etc. protocols
|
| 33 |
* expression/behavior etc. in styles
|
| 34 |
* any other active content
|
| 35 |
|
| 36 |
It also tries to convert code to XHTML valid, but htmltidy is far better
|
| 37 |
solution for this task.
|
| 38 |
|
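To make the list above concrete, here is an added example written for this
README. It is neither the SafeHTML library nor code from the Safe HTML module:
it reimplements the listed rules on a small scale to show the normalisation
each check needs before it can match (entity decoding and control-character
stripping for URL schemes, comment and escape removal for CSS, and repeating
the tag pass until nothing changes). All function names are invented here, the
data: scheme is added to the page's "etc." list, and the hostile inputs at the
bottom are constructed for the demonstration.

```php
// Added example, not the SafeHTML library and not module code. Tags are
// matched with [^>]*, so a '>' inside an attribute value defeats it; a
// real sanitizer tokenises the markup instead of using regular expressions.

function safehtml_demo_clean($html) {
  $forbidden = array('base', 'basefont', 'head', 'html', 'body', 'applet',
    'object', 'iframe', 'frame', 'frameset', 'script', 'layer', 'ilayer',
    'embed', 'bgsound', 'link', 'meta', 'style', 'title', 'blink', 'xml');
  // Elements whose content is code or metadata go together with their
  // content (to end of input if unclosed).
  $with_content = array('script', 'style', 'xml', 'title', 'head', 'applet',
    'object', 'iframe');

  // Repeat until stable: removing one tag can expose another, e.g.
  // <scr<script>ipt> turns into <script> after a single pass.
  do {
    $before = $html;
    foreach ($with_content as $tag) {
      $html = preg_replace('#<' . $tag . '\b[^>]*>.*?(?:</' . $tag . '\s*>|$)#is', '', $html);
    }
    $html = preg_replace('#</?(?:' . implode('|', $forbidden) . ')\b[^>]*>#i', '', $html);
  } while ($html !== $before);

  // A '<' that no longer starts a tag (the stump of a mutated tag) becomes text.
  $html = preg_replace('/<(?![a-z\/!][^>]*>)/i', '&lt;', $html);

  // Attribute-level checks on every remaining opening tag.
  return preg_replace_callback('#<([a-z][a-z0-9]*)\b([^>]*?)\s*(/?)>#i',
                               'safehtml_demo_clean_tag', $html);
}

function safehtml_demo_clean_tag($m) {
  $self = empty($m[3]) ? '' : ' /';
  $url_attrs = array('href', 'src', 'action', 'background', 'lowsrc');
  $out = '';
  $pattern = '#([a-z][a-z0-9:_-]*)\s*(?:=\s*("[^"]*"|\'[^\']*\'|[^\s"\'>]+))?#i';
  if (preg_match_all($pattern, $m[2], $found, PREG_SET_ORDER)) {
    foreach ($found as $a) {
      $aname = strtolower($a[1]);
      $value = isset($a[2]) ? trim($a[2], "\"'") : NULL;
      // on*, data* and dynsrc are dropped whatever their value.
      if (substr($aname, 0, 2) == 'on' || substr($aname, 0, 4) == 'data' || $aname == 'dynsrc') {
        continue;
      }
      if ($value !== NULL && in_array($aname, $url_attrs) && safehtml_demo_bad_protocol($value)) {
        continue;
      }
      if ($value !== NULL && $aname == 'style' && safehtml_demo_bad_style($value)) {
        continue;
      }
      // Re-emit with a canonical double-quoted value.
      $out .= ' ' . $aname;
      if ($value !== NULL) {
        $out .= '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8', FALSE) . '"';
      }
    }
  }
  return '<' . strtolower($m[1]) . $out . $self . '>';
}

function safehtml_demo_bad_protocol($url) {
  // Browsers accept numeric references without a ';' and ignore control
  // characters inside the scheme, so decode and strip before matching:
  // "java&#x09;script:" and "java\0script:" must both read "javascript:".
  $u = preg_replace_callback('/&#(x[0-9a-f]+|[0-9]+);?/i', 'safehtml_demo_decode_ref', $url);
  $u = html_entity_decode($u, ENT_QUOTES, 'UTF-8');
  $u = preg_replace('/[\x00-\x20\x7f]+/', '', $u);
  return (bool) preg_match('/^(javascript|vbscript|about|data):/i', $u);
}

function safehtml_demo_decode_ref($m) {
  $code = (stripos($m[1], 'x') === 0) ? hexdec(substr($m[1], 1)) : (int) $m[1];
  return $code < 128 ? chr($code) : $m[0];   // only ASCII matters for a scheme
}

function safehtml_demo_bad_style($style) {
  // CSS comments and backslash escapes split keywords: exp/**/ression, e\78 pression.
  $s = html_entity_decode($style, ENT_QUOTES, 'UTF-8');
  $s = preg_replace('#/\*.*?\*/#s', '', $s);
  $s = preg_replace_callback('/\\\\([0-9a-f]{1,6})\s?/i', 'safehtml_demo_decode_css', $s);
  $s = str_replace('\\', '', $s);
  return (bool) preg_match('/expression\s*\(|behaviou?r\s*:|-moz-binding|url\s*\(\s*["\']?\s*(javascript|vbscript|data):/i', $s);
}

function safehtml_demo_decode_css($m) {
  $code = hexdec($m[1]);
  return $code < 128 ? chr($code) : '';
}

// Constructed hostile samples (not taken from the page), one per rule.
$samples = array(
  '<p>ok <b>bold</b></p><script>alert(1)</script>',
  '<scr<script>ipt>alert(2)</script>',
  '<a href="java&#x09;script:alert(3)">x</a>',
  '<img src=x onerror="alert(4)" data-x="1">',
  '<div style="width: exp/**/ression(alert(5))">t</div>',
  '<a href="http://example.org/" title="fine">fine</a>',
);
foreach ($samples as $s) {
  echo safehtml_demo_clean($s), "\n";
}
```

The two points worth taking from it are the do/while loop, which is what stops
a tag assembled from the pieces of two others from surviving a single pass, and
the decode-then-match order in the protocol and style checks: a filter that
matches "javascript:" against the raw attribute value is bypassed by a tab or a
numeric reference inside the scheme name.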
Install
-------

1. Copy the "safehtml" directory under "modules/" or "sites/all/modules";
2. Go to "admin/build/modules" and enable the "Safe HTML" module;
3. Go to "admin/settings/filters", choose an input format to configure and
   enable Safe HTML as a filter for this input format. Typically you should
   consider enabling Safe HTML as a filter for the "Filtered HTML" input
   format. You can disable "HTML filter" if the list of stripped tags above is
   enough for you; keep it if you want tags restricted to an explicit allowed
   list.
4. Go to "admin/content/safehtml" in order to add additional filtering options
   applied when forms are submitted.
