Skip to:
Content
Pages
Categories
Search
Top
Bottom

Allow HTML from users


  • Nate
    Participant

    @caming

    What’s the best way to allow users to paste and use HTML? The problem is that there are still issues with the Visual editor, so can anyone help me allow them to use HTML?

    Thanks ~

Viewing 25 replies - 1 through 25 (of 33 total)

  • koreancandy
    Participant

    @koreancandy

    I want to know this too please. At the moment it is only allowing Admin to post with HTML (Your account has the ability to post unrestricted HTML content.) , but no other members of the forum can do so.

    Any ideas please?

    For security purposes it is not allowed.

    Otherwise users could do some very malicious things such as iframes that trigger js attacks, etc.

    It’s the same reason why WordPress does not allow HTML in post comments.


    Nate
    Participant

    @caming

    Jared, what about allowed HTML? For example, if a user utilizes the quote plugin, it shows this:
    <div class=”d4p-bbp-quote-title”>CAMING WROTE:</div>

    We departed a forum software that allowed basic HTML functionality but stripped all javascript and iframe references.

    Any ideas?

    As of ~2.3, the “allowed tags” are filterable within bbPress.

    Look for the filter bbp_kses_allowed_tags. It’s in includes/common/formatting.php.


    koreancandy
    Participant

    @koreancandy

    Before the upgrade I was using a TinyMCE plugin on my forum that was recommended by other BBpress users.

    Using that, the members could post videos and change font colour etc via the visual editor, but since the upgrade, when they do this, it just shows the html code and doesn’t display well.

    Is there any way to fix this? it’s highly frustrating as it was working perfectly before this upgrade.

    Thanks! πŸ™‚


    Nate
    Participant

    @caming

    @jaredatch … thanks dude, I just opened up P styles which allows to copy and paste most articles from web sites.

    The previous version of bbPress used the WordPress array of allowed tags. This meant when you installed a TinyMCE plugin for WordPress it also worked in bbPress.

    We changed that now, which is why your plugin doesn’t work. bbPress now has it’s own allowed tags setting and doesn’t necessarily use what WordPress is using.

    While it breaks some implementations (such as the plugin you’re using), in the long run it was the way to go. Now bbPress and WordPress can have different tag settings, before they were stuck using the same, which in some cases would be a huge problem.

    You need to whitelist any tags your uses will be using via the filter mentioned above. That will fix the issue you’re having.


    Earthman Media
    Participant

    @earthman100

    I am having this problem with span and p tags showing up as code in the posts, after the latest update.

    I tried your advice above and added the following function, but it did not work (p and span tags are still showing, not parsing as html).

    Any advice would be greatly appreciated, please. A screenshot of the output can be viewed here: http://screencast.com/t/CKTLbqHVb

    
    
    add_action( 'bbp_kses_allowed_tags','pyg_kses_allowed_tags',999,1);
    function pyg_kses_allowed_tags($input){
    	return array(
    
    			// paragraphs
    		'p' => array(
    			'style'     => array()
    		),
    		'span' => array(
    			'style'     => array()
    		),
    
    		// Links
    		'a' => array(
    			'href'     => array(),
    			'title'    => array(),
    			'rel'      => array()
    		),
    
    		// Quotes
    		'blockquote'   => array(
    			'cite'     => array()
    		),
    
    		// Code
    		'code'         => array(),
    		'pre'          => array(),
    
    		// Formatting
    		'em'           => array(),
    		'strong'       => array(),
    		'del'          => array(
    			'datetime' => true,
    		),
    
    		// Lists
    		'ul'           => array(),
    		'ol'           => array(
    			'start'    => true,
    		),
    		'li'           => array(),
    
    		// Images
    		'img'          => array(
    			'src'      => true,
    			'border'   => true,
    			'alt'      => true,
    			'height'   => true,
    			'width'    => true,
    		)
    		
    		
    	);
    }
    

    Hansaplastique
    Participant

    @hansaplastique

    I’d be curious to know what the recommended technique is to add or remove allowed HTML tags as well … the recent change (not using the tags list of WP) broke my editor πŸ™


    Ted Thompson
    Participant

    @yorokobi

    Seriously, you pulled it away from WP’s settings but provided no means, short of coding, to whitelist tags?

    Most users don’t have paragraphs and other random tags in their content. This only affected a small number of users who were typically copy and pasting content where as it pulls the source styling. Typical TinyMCE usage would not have placed p/span tags in the content.

    So yes, seriously, we did.


    Hansaplastique
    Participant

    @hansaplastique

    Thanks for your response Jared … I don’t mind the change, just would like to know the recommended way to change the allowed tags without having to modify the bbPress files … πŸ™‚

    For example;
    I allow registered users to place smileys in their text. The smileys are IMG’s with a particular class – the class however will be removed unless I give the user unfiltered HTML.
    I trust my users, but just not THAT much πŸ™‚


    Tbermudas
    Participant

    @tbermudas

    Now it’s not possible to add a youtube video…

    What I have to add to formatting to let members insert a youtube video like:

    <iframe width=”640″ height=”360″ src=”http://www.youtube.com/embed/e9zfJEaJhRs&#8221; frameborder=”0″ allowfullscreen></iframe>

    @hansaplastique Images can already be added. In your case you just need to add style to the approved attributes for the img tag.


    @tbermudas
    bbPress supports oembed (assuming you have it turned on in the settings) just like WordPress. So all you need to do is post the URL of the video (don’t link it) and it should automagically embed it.


    Hansaplastique
    Participant

    @hansaplastique

    Thanks Jared, I appreciate you taking the time to reply …

    My question remains how do I correctly add style or class to the allowed tags without modifying the actual formatting.php file πŸ™

    If you need to alter the tags allowed, see this code snippet:

    Modify/change the default allowed tags for bbPress

    That should get you started.


    Hansaplastique
    Participant

    @hansaplastique

    Thanks Jared – I very much appreciate the link. Works like a charm! πŸ™‚

    Minor issue with the code: it is missing “function” in front of the “ja_filter_bbpress_allowed_tags” definition.

    Whoops, wrote it in a hurry. Should be fixed now!


    Hansaplastique
    Participant

    @hansaplastique

    No worries – it was very helpful, took me only a few seconds to get it to work.
    Thank you very much again πŸ™‚


    gotsnow
    Participant

    @gotsnow

    I also have <div class=”d4p-bbp-quote-title”> showing up when I add a quote.

    What tags should I allow to fix this?


    Hansaplastique
    Participant

    @hansaplastique

    In the code Jared so kindly offered, you’ll need to add soemthing like this to the array:

    'div' => array(
    		'class'     => array()
    ),

    Rachel Biel
    Participant

    @rayela

    Is there somewhere I can point our members to where they can see what each of the buttons on this new editor does? I wish you had stayed with the universal symbols used in most wysiwyg editors as they are used to it. Even I am not completely sure how to use them. I’ve searched for a guide or examples and found nothing.


    John James Jacoby
    Keymaster

    @johnjamesjacoby

    These symbols come with WordPress. We could include our own and override these, but I’m not totally sure that’s the best solution for everyone.

    There’s also nothing wrong with enabling TinyMCE; it’s just, a bit much for these lightweight forums in my opinion.


    Rachel Biel
    Participant

    @rayela

    Well, when you have a forum that is image based, it is a pain to have to use image urls only. We are an art group and showing images is necessary for everything we do. It seems to me like the administrators of each forum should have the ability to decide whether to trust their users or not. I really wish that we could have the TinyMCE for all participants. I tried a couple of different plugins and some could see the editor and others couldn’t. Then, I tried RT-Media’s plugin and test each update of theirs, but it doesn’t work.

    A big problem with using image urls (if you can’t load them into wordpress as the admin) is that that image could disappear if the hosting post is deleted or if the site goes down. We are using the GD BBPress Attachments plugin for attachments, which is a nice thing to have, but it does not do well if you are explaining something and showing several images which would be best embedded inside of the text.

    I looked everywhere for an explanation of what the symbols mean in this bbpress editor and couldn’t find anything, so I did a demo for our members: http://www.tafaforum.com/user-groups/tafa-forum-help/forum/topic/text-editor-or-wysiwyg/

    It’s not intuitive and a couple of the buttons seem to be useless. Most of our members will have no clue as to what they mean and using symbols that are commonly around on text editors would have been helpful.

    Things are finally working pretty well, but it’s been quite the long road in getting this set up. I think there should be a warning in documentation on bbpress: “Non-coders beware! You will need coding experience to make this work!”


    dubbinz
    Participant

    @dubbinz

    @Jared Atchison

    My formatting.php now looks like this

    function bbp_kses_allowed_tags() {
    	return apply_filters( 'bbp_kses_allowed_tags', array(
    
    		// Links
    		'a' => array(
    			'href'     => array(),
    			'title'    => array(),
    			'rel'      => array()
    		),
    
    		// Quotes
    		'blockquote'   => array(
    			'cite'     => array()
    		),
    
    		// Code
    		'code'         => array(),
    		'pre'          => array(),
    
    		// Formatting
    		'em'           => array(),
    		'strong'       => array(),
    		'del'          => array(
    			'datetime' => true,
    		),
    
    		// Lists
    		'ul'           => array(),
    		'ol'           => array(
    			'start'    => true,
    		),
    		'li'           => array(),
    
    		// Images
    		'img'          => array(
    			'src'      => true,
    			'border'   => true,
    			'alt'      => true,
    			'height'   => true,
    			'width'    => true,
    		),
    		'br'   		   => array(),
    		'p'		   => array(),
    		'b'		   => array(),
    		'input' 	   => array(
    					'name'  => true,
    					'type'  => true,
    					'value' => true,
    					'style' => array()
    		)
    	) );
    }
    

    br tags, p tags and b tags are now working however input is not working. I am not awesome at php so I am just pretty much trial and erroring my way around haha, can you tell me why I cannot get input tags to work with this edit?

Viewing 25 replies - 1 through 25 (of 33 total)
  • You must be logged in to reply to this topic.
Skip to toolbar