Loading Profile...
Twitter,
Facebook, or email.
Safe HTML
Does Wygwam have an option to "Allow only safe HTML" (similar to the channel posting preference).
-
Sorry, no. Is there something specific you’re worried about?Comment
-
-
I'm developing a site where anyone can register and post entries using safecracker. I'd like to restrict them to using links, italic, bold, and maybe a h2.
People shouldnt be allowed to e.g. add javascript or to use 100s of colors -
-
By default they can only input whatever the buttons allow them to. So just take all the buttons away except for Bold, Italic, Link, and Paragraph Format. And give it a custom style set that only includes paragraphs and h2's.
-
-
Techsavvy people are still able to bypass it and edit the textarea directly, using any tags they like (although script-tags are filtered out by EE). We'll likely have some people trying to add HTML when the site goes live. Any suggestions how to prevent it?
-
-
Only way to prevent that would be to hack ft.wygwam.php and add some HTML cleansing code to its save() function.
-
EMPLOYEE
