Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Allowed HTML Tags

edited February 2011 in Vanilla 2.0 - 2.8
Is it possible to configure which html tags are allowed and which are not?

I really don't wan't my users to use h1 tags, tables and all that stuff.


  • Options
    If you are referring to cleditor, then i think the file you need to edit is plugins/cleditor/jquery.cleditor.js
  • Options
    No, I don't want to use an editor, just the default textarea.
  • Options
    oliverraduneroliverraduner Contributing to Vanilla since 2010 Switzerland ✭✭
    +1 for that request
  • Options
    I think if you use HTML Purifier (plugin?) then you can disable some HTML tags. Haven't tried it though.

    There was an error rendering this rich post.

  • Options
    edited February 2011
    Having html enabled by default is very dangerous.
  • Options
    yu_tangyu_tang New
    edited February 2011
    + /conf/config.php
    $Configuration['Garden']['InputFormatter'] = 'Text';
    All html tags are shown as just a plane text.

    If you want to disallow h1 tag or anything else, go to the /plugins/htmlawed/class.htmlawed.plugin.php.
    search for line 45 around, replace:
    'elements' => '*-applet-form-input-textarea-iframe-script-style', // object, embed allowed
    'elements' => '*-applet-form-input-textarea-iframe-script-style-h1', // object, embed allowed
    See plugins/htmlawed/htmLawed/htmLawed_README.htm for details.
  • Options
    I got it.
    Htmlawed plugin is hidden in Vanilla, and I do not see mentioning of it anywhere in docs for users.
    I think that it needs normal settings in dashboard with ability to define tag.
    And even better is ability to remove such plagin and add necessary functions to the core functionality of Vanilla.
  • Options
    Hacking htmlawed.plugin.php - one of the main reasons I choose Vanilla as a forum is because I don't like hacking core files all the time.

    Found this related discussion about html purifier: ...

    So what I'm going to do now is checking BBCode (don't like it) as input format and trying out cleditor (configure html, cross browser support).
  • Options
    I think it is kind of weird to have both plugins :-)

    And I am talking about such approach that you'll be able to replace necessary text field processor in plugin as you do with views today.
This discussion has been closed.