Jump to content

Recommended Posts

Posted

Hello all, 

I know that in IPS Admin, via the user groups you can allow/disallow the posting of HTML.

Could contain: Page, Text, File

For obvious reasons I know why it is a dangerous item to have. However I have another site (Trusted) and wondered if it is possible to allow the posting of HTML via trusted domains only. This way the system will only allow HTML in posts if it is from a "Whitelisted" domain.  

I feel this would allow for a "Safer" why for HTML posting. I am not sure if this is an option already, but I did not see it. Please let me know if it already exists. 

All the best,
P

Posted
21 minutes ago, opentype said:

If it’s a specific type of content from known domains, you could just create a custom button to allow the posting of this content. 

True, 

But this button would only work if the "Can Post HTML" is enabled. But inherently if that option is enabled, there is no restriction to stop someone from posting any HTML they wanted. At least that is how I perceive it.

Posted
1 hour ago, opentype said:

No, buttons don’t require the HTML option. That’s the point.

Well, but according to my experience "Can Post HTML" has to be enabled for the buttons using custom HTML... I have buttons loading simple "div backgrounds" in various colors. For chosen users I created a secondary group allowed to see the extra buttons. And while the buttons were visible and "working" during post saving the whole HTML was stripped. Then I had to enable "Can Post HTML" for the secondary group...

Posted (edited)

As mentioned, you also need to use the white-listing functions in the editor settings. When there is styling, you need to apply that through theme CSS classes and whitelist them. When something like an iFrame needs to be loaded, you need to whitelist the domains. 

Edited by opentype
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...