WYSIWYG Filter module

Added on: Tuesday, July 3, 2012 - 20:12
Review: This Drupal module gives you a granular control on HTML element and attribute posted by user. Helps to avoid trashy copy/paste and forbidden elements.

The WYSIWYG Filter module provides an input filter that allows site administrators configure which HTML elements, attributes and style properties are allowed. It also may add rel="nofollow" to posted links based on filter options. It can do so with no additional parsing on user input. That is, it may apply nofollow rules while parsing HTML elements and attributes.

The filter is based on whitelists that can be defined from the filter settings panel. Rules for HTML element and attributes are defined using the same syntax of the TinyMCE valid_elements option.

HTML attributes related to DOM events (on*) are not allowed for security reasons (to prevent XSS, etc.).

The following elements cannot be whitelisted due to security reasons, to prevent users from breaking site layout and/or to avoid posting invalid HTML. Forbidden elements: applet, area, base, basefont, body, button, embed, form, frame, frameset, head, html, iframe, input, isindex, label, link, map, meta,...