dschreiber Posted July 10, 2017 Posted July 10, 2017 Hi folks, We are debating creating our user documentation for our customers in the pages / content section. We are an open-source project so people are encouraged to contribute, and it seems like this feature has revision tracking, moderator approval, etc. - great stuff for a community articles section. However I noticed the editor is fairly restrictive - no custom HTML, not even emojis apparently are allowed, limited formatting. Is there a way to allow articles to have custom HTML? It seems like I can add additional fields of type "text" but that doesn't allow HTML. Ideas welcome.
Meddysong Posted July 10, 2017 Posted July 10, 2017 There's a setting "can post HTML?" which you can set to yes for a certain group, then make sure the members who are trusted to use that feature are in that group.
opentype Posted July 10, 2017 Posted July 10, 2017 2 hours ago, dschreiber said: However I noticed the editor is fairly restrictive - no custom HTML, not even emojis apparently are allowed, limited formatting. Is there a way to allow articles to have custom HTML? It seems like I can add additional fields of type "text" but that doesn't allow HTML. Ideas welcome. Emoji are just regular characters that happen to be shown as color images. If you have recent MySQL installation like 5.6 they will work. ☞ ? Allowing HTML is a member group option, but a very bad idea for security reasons. For your fields, you can use “Editor” to have all the text styling, video embedding and whatnot. Or you don’t allow the full editor for a field and instead use the field options to control the HTML which is build around the field content. That is actually very powerful.
TDBF Posted July 10, 2017 Posted July 10, 2017 6 hours ago, dschreiber said: Hi folks, We are debating creating our user documentation for our customers in the pages / content section. We are an open-source project so people are encouraged to contribute, and it seems like this feature has revision tracking, moderator approval, etc. - great stuff for a community articles section. However I noticed the editor is fairly restrictive - no custom HTML, not even emojis apparently are allowed, limited formatting. Is there a way to allow articles to have custom HTML? It seems like I can add additional fields of type "text" but that doesn't allow HTML. Ideas welcome. First, you have to ask yourself is it really imperative that you allow your members the ability to add html to documents? Secondly, the editor has the ability to add modules from the CKEditor website which would allow you to greatly expand the default built in editor, which might be more what you need. I would check this out first. You will find this in the ACP under Customization/editor/toolbars. Lastly, it is never good policy to allow any member the ability to add html code directly into the editor without having a way of checking it first. Even people with good intentions and whom you may trust, could be caught out with rouge JavaScript. IPS 4.0 however implements HTMLPurifier and this has a pretty good track record when it comes to cleaning html and user input. If you know what you are doing, you can add/modify plugins in HTMLPurifier to do specific jobs that you might need to strengthen security, but it does a good job out the box. However, I am going by the assumption that IPS indeed does use HTMLPurifier to check input with HTML enabed in the editor, maybe one of the Devs can clarify this?
dschreiber Posted July 11, 2017 Author Posted July 11, 2017 Thanks these replies were super helpful. The people with edit access would be trusted moderators (our support staff) so I want to give them as much freedom as possible. While I appreciate the risks for editing HTML code, I trust these people mostly :-) However, add-ons for CKEditor would actually be easier. I will look into those first. Thank you for the great replies.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.