Jump to content

Featured Replies

Posted

Hello all, 

I know that in IPS Admin, via the user groups you can allow/disallow the posting of HTML.

Could contain: Page, Text, File

For obvious reasons I know why it is a dangerous item to have. However I have another site (Trusted) and wondered if it is possible to allow the posting of HTML via trusted domains only. This way the system will only allow HTML in posts if it is from a "Whitelisted" domain.  

I feel this would allow for a "Safer" why for HTML posting. I am not sure if this is an option already, but I did not see it. Please let me know if it already exists. 

All the best,
P

If it’s a specific type of content from known domains, you could just create a custom button to allow the posting of this content. 

  • Author
21 minutes ago, opentype said:

If it’s a specific type of content from known domains, you could just create a custom button to allow the posting of this content. 

True, 

But this button would only work if the "Can Post HTML" is enabled. But inherently if that option is enabled, there is no restriction to stop someone from posting any HTML they wanted. At least that is how I perceive it.

No, buttons don’t require the HTML option. That’s the point. They create HTML with whitelisted domains and CSS classes. 

1 hour ago, opentype said:

No, buttons don’t require the HTML option. That’s the point.

Well, but according to my experience "Can Post HTML" has to be enabled for the buttons using custom HTML... I have buttons loading simple "div backgrounds" in various colors. For chosen users I created a secondary group allowed to see the extra buttons. And while the buttons were visible and "working" during post saving the whole HTML was stripped. Then I had to enable "Can Post HTML" for the secondary group...

As mentioned, you also need to use the white-listing functions in the editor settings. When there is styling, you need to apply that through theme CSS classes and whitelist them. When something like an iFrame needs to be loaded, you need to whitelist the domains. 

Edited by opentype

@opentype

I have no idea how could I miss that! Thanks a lot!

Happy this has been resolved for you. And thanks everyone for your support. 🙂

Recently Browsing 0

  • No registered users viewing this page.