panzerscope Posted November 27, 2022 Posted November 27, 2022 Hello all, I know that in IPS Admin, via the user groups you can allow/disallow the posting of HTML. For obvious reasons I know why it is a dangerous item to have. However I have another site (Trusted) and wondered if it is possible to allow the posting of HTML via trusted domains only. This way the system will only allow HTML in posts if it is from a "Whitelisted" domain. I feel this would allow for a "Safer" why for HTML posting. I am not sure if this is an option already, but I did not see it. Please let me know if it already exists. All the best, P
opentype Posted November 27, 2022 Posted November 27, 2022 If it’s a specific type of content from known domains, you could just create a custom button to allow the posting of this content.
panzerscope Posted November 27, 2022 Author Posted November 27, 2022 21 minutes ago, opentype said: If it’s a specific type of content from known domains, you could just create a custom button to allow the posting of this content. True, But this button would only work if the "Can Post HTML" is enabled. But inherently if that option is enabled, there is no restriction to stop someone from posting any HTML they wanted. At least that is how I perceive it.
opentype Posted November 27, 2022 Posted November 27, 2022 No, buttons don’t require the HTML option. That’s the point. They create HTML with whitelisted domains and CSS classes.
Luuuk Posted November 27, 2022 Posted November 27, 2022 1 hour ago, opentype said: No, buttons don’t require the HTML option. That’s the point. Well, but according to my experience "Can Post HTML" has to be enabled for the buttons using custom HTML... I have buttons loading simple "div backgrounds" in various colors. For chosen users I created a secondary group allowed to see the extra buttons. And while the buttons were visible and "working" during post saving the whole HTML was stripped. Then I had to enable "Can Post HTML" for the secondary group...
opentype Posted November 27, 2022 Posted November 27, 2022 (edited) As mentioned, you also need to use the white-listing functions in the editor settings. When there is styling, you need to apply that through theme CSS classes and whitelist them. When something like an iFrame needs to be loaded, you need to whitelist the domains. Edited November 27, 2022 by opentype Luuuk 1
Luuuk Posted November 27, 2022 Posted November 27, 2022 @opentype I have no idea how could I miss that! Thanks a lot!
Gary Posted November 28, 2022 Posted November 28, 2022 Happy this has been resolved for you. And thanks everyone for your support. 🙂
Recommended Posts