Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

How to disable HTML tags in post body?

rornvirornvi New
edited December 2011 in Vanilla 2.0 - 2.8

I've disabled the wysiwyg but users can still post html using tags like href, img etc. Please let me know the way to permanently disable HTML or BB Code tags.

Best Answer

  • Options
    KiwiiKiwii
    Answer ✓

    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

Answers

  • Options
    KiwiiKiwii

    I think there was an option in the conf/config.php to enable/disable specific markups/parsers, but I can not find it right now. You can try the option $Configuration['Garden']['InputFormatter'] though; The default value is 'Html' but I do not know what other values can be used.

  • Options
    rornvirornvi New

    Thanks, still looking for a solution.

  • Options
    KiwiiKiwii
    Answer ✓

    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

  • Options
    rornvirornvi New

    It worked, thanks a lot :)
    Actually its my brand new forum, so there's no loss of formatting of links and embedding of videos.

  • Options
    rornvirornvi New
    edited December 2011

    Just for knowledge, could you tell me in short what's the use of HTMLawed? And where can i find the list of hidden variables like InputFormatter which are absent in default config.php?

  • Options
    x00x00 MVP

    htmlLawed makes raw html input insert-able, and when properly configured it will sanitize of any security nasties.

    Have you looked in the config-defualt.php? $Configuration['Garden']['InputFormatter'] is there last time I checked (don't edit this directly)

    grep is your friend.

  • Options
    RedTwentyFourRedTwentyFour

    do NOT edit config-defaults.php at all. just add the line in config.php.

  • Options
    macisbacmacisbac

    Kiwii said:
    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

    I tried this but the html still loads, any ideas?

Sign In or Register to comment.