Drupal Tutorials and Blog Posts

Stop Drupal From Stripping Out Code

November 23, 2011 | Drupal Tutorials | Written by Steve Burge
tutuploadsmedia_1322081116803.png

Code can be dangerous. The right code in the right place brings your site to life, but there are many places where it can be a huge security risk.

Inside your content, code can be dangerous. If you allow people to use PHP, Javascript, iframes or other code inside content, you greatly increase the chances of a malicious script being used.

To minimize this risk, by default Drupal restricts the code you can use in content.

The downside to this is that some common code isn't allowed. For example, most HTML is blocked by default. Here's how to allow those on your site by stopping Joomla from stripping out code.

Text Formats

tutuploadsmedia_1322079982179.png

By default, Drupal content is entered as "Filtered HTML". What does that mean? Drupal explains in the image above.

  • Web page addresses and e-mail addresses turn into links automatically.
  • There are only twelve allowed HTML tags.

Click on the dropdown link and you'll get extra options:

tutuploadsmedia_1322080284110.png

Full HTML is described in this way:

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text is described in this way:

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

You can also to the Modules page and enable PHP filter:

tutuploadsmedia_1322080495187.png

This is described more simply:

  • You may post PHP code. You should include tags.

How does this impact your content?

tutuploadsmedia_1322080687743.png

Let's see an example of how text filters impact your content. In this example we're adding a Google Map to our content.

If we save this page with Filtered HTML, the end result will look like the image below.

tutuploadsmedia_1322080731057.png

If we save this page with Full HTML, the end result will look like the image below.

tutuploadsmedia_1322080824150.png

Modifying the Text Filters

If the default settings aren't right for you, go to Configuration > Text format.

tutuploadsmedia_1322080911660.png

You'll see that different filters are set up for different user groups. For security reasons, anonymous users and authenticated users only get access to Filtered HTML.

tutuploadsmedia_1322080958715.png

Click on Configure next to any text filter to change the options:

tutuploadsmedia_1322081085284.png
 


Add comment


Security code
Refresh

blog-ad

Start Online Training

Members get access to all our video training. That's 1,142 training sessions in Joomla, Drupal, WordPress and Coding.

Manage All Your Joomla Sites

adminicredible

With Admincredible you can update and manage all your Joomla sites. If you have 5 or 500 sites, Admincredible will make your life easier! Visit Admincredible.com.

Latest Blog Posts and Tutorials

Blog Categories

Latest Comments

The License for Our Tutorials

All of our tutorials are published under the Creative Commons Attribution-NonCommercial license. This means:

  • You can re-use these tutorials.
  • You can modify these tutorials.
  • You must link back to our original tutorial.
  • You can't use these tutorials commercially.

Click here to read the full license.



Contact Us

Phone: (+1) 678-830-2168

Email: support@ostraining.com

followusfacebookfollowtwitterfollowgoogle+


Open Source Training is not affiliated with or endorsed by the Joomla, WordPress or Drupal projects.
All product names and trademarks are the property of their respective owners.

Copyright 2013 Open Source Training, LLC. All rights reserved.