Stop Drupal From Stripping Out Code


Code can be dangerous. The right code in the right place brings your site to life, but there are many places where it can be a huge security risk.

Inside your content, code can be dangerous. If you allow people to use PHP, JavaScript, iframes or other code inside content, you greatly increase the chances of a malicious script being used.

To minimize this risk, by default Drupal restricts the code you can use in content.

The downside is that some common code isn’t allowed. For example, most HTML is blocked by default. Here’s how to allow that code on your site by stopping Drupal from stripping it out.

Text Formats

By default, Drupal content is entered as “Filtered HTML”. What does that mean? Drupal describes it in this way:

  • Web page addresses and e-mail addresses turn into links automatically.
  • There are only twelve allowed HTML tags.

Click on the dropdown link and you’ll get extra options:

[Screenshot]

Full HTML is described in this way:

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text is described in this way:

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

You can also go to the Modules page and enable the PHP filter:

[Screenshot]

This is described more simply:

  • You may post PHP code. You should include <?php ?> tags.

How does this impact your content?


Let’s see an example of how text filters impact your content. In this example we’re adding a Google Map to our content.

If we save this page with Filtered HTML, the end result will look like the image below.

[Screenshot]

If we save this page with Full HTML, the end result will look like the image below.

[Screenshot]

Modifying the Text Filters

If the default settings aren’t right for you, go to Configuration > Text format.


You’ll see that different filters are set up for different user groups. For security reasons, anonymous users and authenticated users only get access to Filtered HTML.


Click on Configure next to any text filter to change the options:

[Screenshot]
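
The effect described under “How does this impact your content?” and the allowed-tags change made from the Configure screen, as an added Python sketch (not Drupal's filter code and not from the original article): a simplified allowlist filter applied to a constructed map embed. The tag list is Drupal 7's default Filtered HTML set; the per-tag attribute list, the URL prefixes and the sample markup are assumptions for illustration.

```python
from html import escape
from html.parser import HTMLParser

# The twelve tags of Drupal 7's default "Filtered HTML" allowlist.
FILTERED_HTML = {"a", "em", "strong", "cite", "blockquote", "code",
                 "ul", "ol", "li", "dl", "dt", "dd"}
# Assumption for this sketch: attributes kept per tag; all others are dropped.
KEPT_ATTRS = {"a": {"href", "title"}, "iframe": {"src", "width", "height"}}
SAFE_URLS = ("http://", "https://", "mailto:", "/")

class AllowlistFilter(HTMLParser):
    """Keep allowlisted tags, strip every other tag, keep the text."""
    def __init__(self, allowed_tags):
        super().__init__(convert_charrefs=True)
        self.allowed_tags = allowed_tags
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed_tags:
            return  # e.g. <iframe> under Filtered HTML
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in KEPT_ATTRS.get(tag, set()):
                continue  # drops onclick=, style=, ...
            if name in ("href", "src") and not value.lower().startswith(SAFE_URLS):
                continue  # drops javascript: and other unexpected schemes
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.allowed_tags:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def apply_format(html, allowed_tags):
    parser = AllowlistFilter(allowed_tags)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample: ordinary markup, an inline handler and a map embed.
SAMPLE = ('<strong>Our office</strong> <a href="https://example.com/contact" '
          'onclick="track()">contact</a>'
          '<iframe src="https://maps.example.com/embed" width="400"></iframe>')

for tags in (FILTERED_HTML, FILTERED_HTML | {"iframe"}):
    print(apply_format(SAMPLE, tags))
```

The first line printed has lost both the iframe and the `onclick` handler; the second, with `iframe` added to the allowed tags, keeps the embed while still dropping the handler.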

Author

  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

18 Comments
AnnyIngram
10 years ago

It is a very helpful article about stopping Drupal from stripping out code. Your blog has interesting topics compared to other articles on the web. Please can you help me, how to set cookies in PHP?

AnnyIngram
10 years ago

Good explanation has been given for learning about Drupal. I think it is a good approach. Thank you, keep up with your work don’t leave it.

John Williams
10 years ago

Hi! Thanks a lot for sharing such nice stuff regarding responsive web design Drupal. This is what makes the Drupal community best so far. Great write-up. Cheers!

mathews
9 years ago

Excellent article on using the right content at the right place. Your post is very useful to new and experienced PHP developers.
I recommend your article to my friends and students.
PHP training in Chennai

Boi Meningkat
2 years ago
Reply to  mathews

It looks very interesting, I am willing to read this post and give good appreciation to the author. I’m from Indonesia happy to visit here. Thank you.

qinghezhang2009@gmail.com

Thank you Steve. The text format changes are very useful. I can use it to input a table into my map info window like this:

steve
8 years ago
Reply to  Frank

Great, that’s good to hear

zietbukuel
7 years ago

Sorry but using the PHP filter is a horrible idea.

tansitanu
5 years ago

I simply wanted to write down a quick word to say thanks to you for those wonderful tips and hints you are showing on this site.
https://www.besanttechnologies.com/training-courses/data-warehousing-training/hadoop-training-institute-in-chennai

annapurna
5 years ago

in text format of php how to include html tags

revathiajay
4 years ago

Good work.

noghrabco
3 years ago

Hi
good one, thanks

mahanit
3 years ago

this helped thanks
I enjoyed your post
keep it up

Charly Wiliamse
3 years ago

Informative article. I was searching for this information on google.

Boi Meningkat
2 years ago

It looks very interesting, I am willing to read this post and give good appreciation to the author. I’m from Indonesia happy to visit here. Thank you.

joe
3 years ago

nice 

Our Endangered World
2 years ago

Hello, steve! Thank you for this blog about Drupal and codes. I’m also grateful for how you point out how dangerous it can be if not handled in a way to minimize its risk.

Boi Meningkat
2 years ago

nice information, thanks
