
After Update to 2.1.6 not saving HTML Tags

Dr_Sommer Dr. of tender Programing ;) ✭✭

Hi, Peoplezzzz... ;)

After a wonderful quiet ForumTime, no Users trying to kill me for switching Forum to Vanilla, i come back with a, hopefully, small issue... :D:smiley::smiley:

I did a Update from V2.1.3 to 2.1.6 (also did the 2.1.5)

After that the Font size and Color is not saved anymore after Saving the post... before that I see it in the Editor...

What must I change, to have my previous behavior, saving all the Tags?

Here is an example.... Nr.1 is the Editor, Nr.2 the saved Comment...

If I edit the saved comment, it shows the correctly formatted Letters like in Pic Nr. 1

Tested with Opera/FF/Android Browser

Hope 4 some help... ;)

Greetz

Dr. Winter... ääh... Sommer.... :smiley:

Comments

  • R_J Ex-Fanboy Munich Admin

    If it is even shown when you edit the comment, it is a CSS problem. You could verify that when you look at the source of the comments: I bet you'll find colored words enclosed in tags. But I think the quickest way to find help is to provide a link to a comment with colored text that is not formatted correct.

  • perhaps it is due to stripping of styles. Wasn't something like that introduced for security reasons?

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Dr_Sommer Dr. of tender Programing ;) ✭✭

    Muchos Sorry for responding so late... had some Mail/Browser/Password issues... :smiley::smiley:

    @R_J: Can't really see no CSS Probs...

    Here is the above Test:
    http://caba.de/CaBaFoRuM/index.php?p=/discussion/comment/75453/#Comment_75453

    And it is still so, if I open the comment for editing, the correctly formatted Text is shown...

    @peregrine: where could I look this up?

    ThX ;)

  • peregrine MVP
    edited December 2014

    could be a red herring, maybe not.

    I dislike ckeditor, cleditor. I use buttonbar.

    ckeditor and cleditor just create issues, and I don't see the advantage of ability to change font and color a major reason why a person would use a forum. That's just my thought.

    these are issues relating to security safestyle fixes...

    https://github.com/vanilla/vanilla/commit/3f289bd59097a12fbaad8358650e4f405dd6deeb

    https://github.com/vanilla/vanilla/commit/80c3186380b59e51f33e6364aa1e1541d93726ed

    I am not recommending you do this...

    but you could see if this fixes your issue, which I expect it will

    look in config and adjust as needed.

    $Configuration['Garden']['Html']['SafeStyles'] = FALSE;

    they made it so safestyles is enforced for security reasons.
    $Configuration['Garden']['Html']['SafeStyles'] = TRUE;

    but you can disable and it will make your forum insecure by allowing style changes in the same way cleditor allows SafeStyles and is insecure.

    see

    http://vanillaforums.org/discussion/comment/218322/#Comment_218322

    with styles allowed - someone could mock up an image to cover something else like the sign-in button or post button and redirect a person to a look-alike site.

    point is: allowing style tags will allow a bad user to manipulate your site, by placing images etc. covering up or mimicking certain things in a devious way.

    bottom line any editor that allows you to insert styles may not be the greatest in terms of security.


  • peregrine MVP
    edited December 2014

    also take heed if you use cleditor or if you have this set to:

    $Configuration['Garden']['Html']['SafeStyles'] = FALSE;

    and you use the signatures plugin:

    someone could also wreak havoc with the signatures plugin, and block viewing of every discussion they posted to, if they want to simply by changing their signature with certain styles added.

    and unless you are aware of this, you might not even know how to solve it.


  • Dr_Sommer Dr. of tender Programing ;) ✭✭

    As always, you were right, peregrine... ;)

    putting Safestyles to FALSE resolves my problem... but not happy breaking security with it... ;(

    We are using a WYSIWYG Editor simply because we LOVE to show our emotions... in Color and in Font Size... hehe... :smiley::smiley:

    And many user are familiar with the use of Office like Editors... ;)

    So if I use the CKEditor, I'll always risk being hacked? Arghh... that's too bad... :(

    Any solution to this without prohibiting all Tags? Maybe just allow certain styles, sizes and colors??

    How is the NEW Vanilla Editor addressing this? is it immune?? ;)

  • vrijvlinder Papillon-Sauvage MVP

    I'll always risk to be hacked?

    No, you simply risk someone hijacking the CSS code and messing up your site.

    You can specify what tags you allow in the config.php

  • vrijvlinder Papillon-Sauvage MVP

    How is the NEW Vanilla Editor addressing this? is it immune??

    I could show you but they took away the fun here too :(

  • Dr_Sommer Dr. of tender Programing ;) ✭✭
    edited December 2014

    Ah, ok... of course... ;)

    @vrijvlinder said:
    You can specify what tags you allow in the config.php

    I just found THIS as something like an Explanation how to do it...

    So I'll try to use this, hoping it's the right thing:

    $Configuration['Garden']['Html']['AllowedElements'] = "a, abbr, acronym, address, area, audio, b, bdi, bdo, big, blockquote, br, caption, center, cite, code, col, colgroup, dd, del, details, dfn, div, dl, dt, em, figure, figcaption, font, h1, h2, h3, h4, h5, h6, hgroup, hr, i, img, ins, kbd, li, map, mark, menu, meter, ol, p, pre, q, s, samp, small, span, strike, strong, sub, sup, summary, table, tbody, td, tfoot, th, thead, time, tr, tt, u, ul, var, video, wbr";

  • vrijvlinder Papillon-Sauvage MVP

    Well it is really the style that has been squelched, mostly....

    for example if you use div style="background:red;" or font style="color:blue;" , or anything that has the perverse style word in the html or if you add < style type="text/css" > and add some css rules here< /style >

  • peregrine MVP
    edited December 2014

    the problem it seems to me is the allowance of the style tag (which is what you are using).

    tags vs. properties. there is a difference :)

    theoretically you could parse things in the body relating to style tag to remove certain properties (like top position absolute left right float, etc) prior to save.

    or if you need a couple of fonts or colors you could hack your way thru .item class and add special properties

    to h2 h3 h4 h5 h6 and give them different colors via css but give them the same size. not really the way to do things but pretty much the only way I can see having different colors and allow users to punch a button and not use style tags, unless you parsed the body of properties in the style that you didn't want. but then header classes would make line feeds, so it would be a whole ball of wax.

    and the config statement you mentioned I don't believe is going to help you in that respect - relating to style tag which you seem to want. (it is not the way to set individual properties).

    that is one of the issues with allowing the style tag.

    see the htmlawed readme (if you want to learn). but you could also break things - so any testing should be done on a forum that doesn't have live users...

    getting everything perfect would be far from trivial and perhaps an exercise in futility.

    from htmlawed documentation

    3.4.8 Inline style properties

    htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting). Note that when '$config["css_expression"]' is set to '1', htmLawed will remove '/' from the 'style' values.

    Note
    : Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the 'style' attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off ('$config["schemes"] = "...style:*..."', see section:- #3.4.3, and '$config["css_expression"] = 0'). Alternately, admins can use their own custom function for finer handling of 'style' values through the 'hook_tag' parameter (see section:- #3.4.9).

    It is also possible to have htmLawed let through any 'style' value by setting '$config["style_pass"]' to '1'.

    As such, it is better to set up a CSS file with class declarations, disallow the 'style' attribute, set a '$spec' rule (see section:- #2.3) for 'class' for the 'oneof' or 'match' parameter, and ask writers to make use of the 'class' attribute.

    this may be the ticket for you.

    As such, it is better to set up a CSS file with class declarations, disallow the 'style' attribute, set a '$spec' rule (see section:- #2.3) for 'class' for the 'oneof' or 'match' parameter, and ask writers to make use of the 'class' attribute.

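As an added example (not Vanilla's or htmLawed's code, and not posted by anyone in this thread), here is the approach peregrine sketches: parse each inline style attribute before save and keep only a short whitelist of properties (here color and font-size, the two Dr_Sommer asked for), dropping positioning, float, background and everything else that lets a post cover or mimic parts of the page. It uses PHP's bundled DOM extension; the function names, the whitelist and the sample post are my own constructions and are not a Vanilla hook.

```php
<?php
// Added example, not Vanilla/htmLawed code: whitelist filter for inline styles
// in user-submitted HTML. Intended to run on the comment body before it is saved.
declare(strict_types=1);

// Allowed CSS properties, each with a regex the whole value must match.
// Anything not listed (position, top, left, float, background, z-index, ...)
// is dropped, as is any value shape we do not expect (url(), expression(), escapes).
const ALLOWED_STYLE_PROPERTIES = [
    'color'     => '/^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})$/i',
    'font-size' => '/^(x-small|small|medium|large|x-large|xx-large|\d{1,2}px|\d(\.\d)?em)$/i',
];

/**
 * Reduce one style attribute value to its whitelisted declarations.
 * Returns '' when nothing survives, so the caller can drop the attribute.
 */
function filterStyleDeclarations(string $style): string
{
    $kept = [];
    foreach (explode(';', $style) as $declaration) {
        if (strpos($declaration, ':') === false) {
            continue;
        }
        [$property, $value] = array_map('trim', explode(':', $declaration, 2));
        $property = strtolower($property);
        if (!isset(ALLOWED_STYLE_PROPERTIES[$property])) {
            continue; // property not whitelisted
        }
        if (!preg_match(ALLOWED_STYLE_PROPERTIES[$property], $value)) {
            continue; // value does not look like a plain color / size
        }
        $kept[] = $property . ':' . $value;
    }
    return implode(';', $kept);
}

/**
 * Rewrite every style attribute in an HTML fragment through the whitelist
 * and remove <style> elements entirely (stylesheet rules cannot be confined
 * to the post that carries them).
 */
function sanitizeInlineStyles(string $html): string
{
    $doc = new DOMDocument();
    // Wrap the fragment so it parses without libxml adding html/body elements.
    $wrapped = '<?xml encoding="UTF-8"><div id="__frag">' . $html . '</div>';
    libxml_use_internal_errors(true);
    $doc->loadHTML($wrapped, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//style') as $styleEl) {
        $styleEl->parentNode->removeChild($styleEl);
    }
    foreach ($xpath->query('//*[@style]') as $el) {
        $filtered = filterStyleDeclarations($el->getAttribute('style'));
        if ($filtered === '') {
            $el->removeAttribute('style');
        } else {
            $el->setAttribute('style', $filtered);
        }
    }

    $container = $xpath->query('//div[@id="__frag"]')->item(0);
    $out = '';
    foreach ($container->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample post: a harmless colored word, followed by an absolutely
// positioned full-page block of the kind peregrine describes and a <style> element.
$sample = '<p><span style="color: blue; font-size: large">Hello</span></p>'
    . '<div style="position:absolute;top:0;left:0;width:100%;height:100%;background:url(x.png)">cover</div>'
    . '<style>body{display:none}</style>';

echo sanitizeInlineStyles($sample), PHP_EOL;
```

Running this keeps the span's color and size, strips every declaration from the covering div (leaving a plain `<div>cover</div>`) and removes the `<style>` element. The whitelist is deliberately a closed list of properties with fixed value grammars rather than a blacklist of bad ones, because CSS keeps gaining properties that can move or hide content. The stricter variant the htmLawed readme quoted above recommends, mapping a few allowed colors and sizes to CSS classes in a stylesheet and disallowing the style attribute altogether, removes the need to parse values at all.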

  • you might also do something with or without latex and hook up some push buttons to buttonbar in the same way as countdown timer, spoilers, and mathjaxcdn.


  • Dr_Sommer Dr. of tender Programing ;) ✭✭

    okeee.... arghh... why is the world always so complicated?? :smiley::smiley:

    I need to look into it, ThX :wink:
