Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to disable HTML tags in post body?

rornvirornvi New
edited December 2011 in Vanilla 2.0 - 2.8

I've disabled the wysiwyg but users can still post html using tags like href, img etc. Please let me know the way to permanently disable HTML or BB Code tags.

Best Answer

  • Answer ✓

    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

Answers

  • I think there was an option in the conf/config.php to enable/disable specific markups/parsers, but I can not find it right now. You can try the option $Configuration['Garden']['InputFormatter'] though; The default value is 'Html' but I do not know what other values can be used.

  • Thanks, still looking for a solution.

  • Answer ✓

    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

  • It worked, thanks a lot :)
    Actually its my brand new forum, so there's no loss of formatting of links and embedding of videos.

  • rornvirornvi New
    edited December 2011

    Just for knowledge, could you tell me in short what's the use of HTMLawed? And where can i find the list of hidden variables like InputFormatter which are absent in default config.php?

  • htmlLawed makes raw html input insert-able, and when properly configured it will sanitize of any security nasties.

    Have you looked in the config-defualt.php? $Configuration['Garden']['InputFormatter'] is there last time I checked (don't edit this directly)

    grep is your friend.

  • do NOT edit config-defaults.php at all. just add the line in config.php.

  • Kiwii said:
    Well, I tried putting $Configuration['Garden']['InputFormatter'] = 'none'; into the config.php and now html tags are stripped out of my text. I do not know if that's what you are looking for, but at least it is not possible to use them anymore. Negative side effects are loss of automatic formatting of links and embedding of videos.

    I tried this but the html still loads, any ideas?

Sign In or Register to comment.