Allow HTML from users
-
What’s the best way to allow users to paste and use HTML? The problem is that there are still issues with the Visual editor, so can anyone help me allow them to use HTML?
Thanks ~
-
I want to know this too please. At the moment it is only allowing Admin to post with HTML (Your account has the ability to post unrestricted HTML content.) , but no other members of the forum can do so.
Any ideas please?
For security purposes it is not allowed.
Otherwise users could do some very malicious things such as iframes that trigger js attacks, etc.
It’s the same reason why WordPress does not allow HTML in post comments.
Jared, what about allowed HTML? For example, if a user utilizes the quote plugin, it shows this:
<div class=βd4p-bbp-quote-titleβ>CAMING WROTE:</div>We departed a forum software that allowed basic HTML functionality but stripped all javascript and iframe references.
Any ideas?
As of ~2.3, the “allowed tags” are filterable within bbPress.
Look for the filter
bbp_kses_allowed_tags
. It’s inincludes/common/formatting.php
.Before the upgrade I was using a TinyMCE plugin on my forum that was recommended by other BBpress users.
Using that, the members could post videos and change font colour etc via the visual editor, but since the upgrade, when they do this, it just shows the html code and doesn’t display well.
Is there any way to fix this? it’s highly frustrating as it was working perfectly before this upgrade.
Thanks! π
@jaredatch … thanks dude, I just opened up P styles which allows to copy and paste most articles from web sites.
The previous version of bbPress used the WordPress array of allowed tags. This meant when you installed a TinyMCE plugin for WordPress it also worked in bbPress.
We changed that now, which is why your plugin doesn’t work. bbPress now has it’s own allowed tags setting and doesn’t necessarily use what WordPress is using.
While it breaks some implementations (such as the plugin you’re using), in the long run it was the way to go. Now bbPress and WordPress can have different tag settings, before they were stuck using the same, which in some cases would be a huge problem.
You need to whitelist any tags your uses will be using via the filter mentioned above. That will fix the issue you’re having.
I am having this problem with span and p tags showing up as code in the posts, after the latest update.
I tried your advice above and added the following function, but it did not work (p and span tags are still showing, not parsing as html).
Any advice would be greatly appreciated, please. A screenshot of the output can be viewed here: http://screencast.com/t/CKTLbqHVb
add_action( 'bbp_kses_allowed_tags','pyg_kses_allowed_tags',999,1); function pyg_kses_allowed_tags($input){ return array( // paragraphs 'p' => array( 'style' => array() ), 'span' => array( 'style' => array() ), // Links 'a' => array( 'href' => array(), 'title' => array(), 'rel' => array() ), // Quotes 'blockquote' => array( 'cite' => array() ), // Code 'code' => array(), 'pre' => array(), // Formatting 'em' => array(), 'strong' => array(), 'del' => array( 'datetime' => true, ), // Lists 'ul' => array(), 'ol' => array( 'start' => true, ), 'li' => array(), // Images 'img' => array( 'src' => true, 'border' => true, 'alt' => true, 'height' => true, 'width' => true, ) ); }
I’d be curious to know what the recommended technique is to add or remove allowed HTML tags as well … the recent change (not using the tags list of WP) broke my editor π
Seriously, you pulled it away from WP’s settings but provided no means, short of coding, to whitelist tags?
Most users don’t have paragraphs and other random tags in their content. This only affected a small number of users who were typically copy and pasting content where as it pulls the source styling. Typical TinyMCE usage would not have placed p/span tags in the content.
So yes, seriously, we did.
Thanks for your response Jared … I don’t mind the change, just would like to know the recommended way to change the allowed tags without having to modify the bbPress files … π
For example;
I allow registered users to place smileys in their text. The smileys are IMG’s with a particular class – the class however will be removed unless I give the user unfiltered HTML.
I trust my users, but just not THAT much πNow it’s not possible to add a youtube video…
What I have to add to formatting to let members insert a youtube video like:
<iframe width=”640″ height=”360″ src=”http://www.youtube.com/embed/e9zfJEaJhRs” frameborder=”0″ allowfullscreen></iframe>
@hansaplastique Images can already be added. In your case you just need to add
style
to the approved attributes for theimg
tag.
@tbermudas bbPress supports oembed (assuming you have it turned on in the settings) just like WordPress. So all you need to do is post the URL of the video (don’t link it) and it should automagically embed it.Thanks Jared, I appreciate you taking the time to reply …
My question remains how do I correctly add
style
orclass
to the allowed tags without modifying the actualformatting.php
file πIf you need to alter the tags allowed, see this code snippet:
Modify/change the default allowed tags for bbPress
That should get you started.
Thanks Jared – I very much appreciate the link. Works like a charm! π
Minor issue with the code: it is missing “function” in front of the “ja_filter_bbpress_allowed_tags” definition.
Whoops, wrote it in a hurry. Should be fixed now!
No worries – it was very helpful, took me only a few seconds to get it to work.
Thank you very much again πI also have <div class=βd4p-bbp-quote-titleβ> showing up when I add a quote.
What tags should I allow to fix this?
In the code Jared so kindly offered, you’ll need to add soemthing like this to the array:
'div' => array( 'class' => array() ),
Is there somewhere I can point our members to where they can see what each of the buttons on this new editor does? I wish you had stayed with the universal symbols used in most wysiwyg editors as they are used to it. Even I am not completely sure how to use them. I’ve searched for a guide or examples and found nothing.
These symbols come with WordPress. We could include our own and override these, but I’m not totally sure that’s the best solution for everyone.
There’s also nothing wrong with enabling TinyMCE; it’s just, a bit much for these lightweight forums in my opinion.
Well, when you have a forum that is image based, it is a pain to have to use image urls only. We are an art group and showing images is necessary for everything we do. It seems to me like the administrators of each forum should have the ability to decide whether to trust their users or not. I really wish that we could have the TinyMCE for all participants. I tried a couple of different plugins and some could see the editor and others couldn’t. Then, I tried RT-Media’s plugin and test each update of theirs, but it doesn’t work.
A big problem with using image urls (if you can’t load them into wordpress as the admin) is that that image could disappear if the hosting post is deleted or if the site goes down. We are using the GD BBPress Attachments plugin for attachments, which is a nice thing to have, but it does not do well if you are explaining something and showing several images which would be best embedded inside of the text.
I looked everywhere for an explanation of what the symbols mean in this bbpress editor and couldn’t find anything, so I did a demo for our members: http://www.tafaforum.com/user-groups/tafa-forum-help/forum/topic/text-editor-or-wysiwyg/
It’s not intuitive and a couple of the buttons seem to be useless. Most of our members will have no clue as to what they mean and using symbols that are commonly around on text editors would have been helpful.
Things are finally working pretty well, but it’s been quite the long road in getting this set up. I think there should be a warning in documentation on bbpress: “Non-coders beware! You will need coding experience to make this work!”
@Jared Atchison
My formatting.php now looks like this
function bbp_kses_allowed_tags() { return apply_filters( 'bbp_kses_allowed_tags', array( // Links 'a' => array( 'href' => array(), 'title' => array(), 'rel' => array() ), // Quotes 'blockquote' => array( 'cite' => array() ), // Code 'code' => array(), 'pre' => array(), // Formatting 'em' => array(), 'strong' => array(), 'del' => array( 'datetime' => true, ), // Lists 'ul' => array(), 'ol' => array( 'start' => true, ), 'li' => array(), // Images 'img' => array( 'src' => true, 'border' => true, 'alt' => true, 'height' => true, 'width' => true, ), 'br' => array(), 'p' => array(), 'b' => array(), 'input' => array( 'name' => true, 'type' => true, 'value' => true, 'style' => array() ) ) ); }
br tags, p tags and b tags are now working however input is not working. I am not awesome at php so I am just pretty much trial and erroring my way around haha, can you tell me why I cannot get input tags to work with this edit?
- You must be logged in to reply to this topic.