admin_menu:site_setup:allowed_html:start

Differences

This shows you the differences between two versions of the page.

admin_menu:site_setup:allowed_html:start [2014/09/25 16:55]
127.0.0.1 external edit
admin_menu:site_setup:allowed_html:start [2017/02/23 07:34] (current)
geojames
Line 2: Line 2:
 ====== Allowed HTML ====== ====== Allowed HTML ======
  
-Admin Page**Site Setup > Allowed HTML**+We've moved this admin support wiki page to the following [[startup_tutorial_and_checklist:feature_configuration:allowed_html:start|allowed html support wiki page]]
  
-Use this administration tool to control what HTML tags are allowed to be used on your site where users enter text.  Note that this applies to any text entered by the user where HTML is allowed, including, if you are using the Storefront Addon, any HTML used on pages within a user's Storefront Manager. 
  
-<tip c n>Note that changes in this admin tool will not affect the content already in the system.  Changes in this admin tool can only affect the content of listings that are placed into the system or edited after changes are saved in this admin tool.  If there is some HTML or tags you want removed in a current listing you will need to edit that listing on the client side to manually remove the tags in question.  You can also test your configuration within this admin tool by editing a current listing with the "infected" HTML on the client side.  If you have setup the tags successfully to be removed in this admin tool any tags within current listings should be automatically removed by editing and saving your changes to those listings.</tip> 
- 
-===== Tags Matching <tag ...> or </tag> ===== 
- 
-{{:admin_menu:site_setup:allowed_html:tags_matching.png |}} 
- 
-On the list of HTML tags, check the box for **Allowed?** for any HTML tags you wish to allow your users to use when entering text on the site, for example in the "listing details" when placing a listing.  If a user attempts to enter a HTML tag that is on this list that is not allowed, it will simply be removed from the text with no replacement.  The tags with an asterisk (*) are strongly recommended to **not be allowed**. This is because the potential for a user to enter malicious code exists with the tags we have identified with an asterisk. 
- 
-==== Tags not in this list ==== 
- 
- 
-{{:admin_menu:site_setup:allowed_html:tags_not_in_list.png |}} 
- 
-Use this setting to allow or not allow a user to enter tags not found on this list at all.  We recommend leaving this setting disallowed (by un-checking the box for "Allowed?"). 
- 
-==== Add Tag ==== 
- 
-{{:admin_menu:site_setup:allowed_html:add_tag.png |}} 
- 
-When you enter a tag you only need to enter the //first// part of the HTML tag **BETWEEN** the "<" and ">", **without** the attributes.  For example, if the "a" (HTML anchor) tag was not one of the default tags defined, and you wanted to add it, you would only need to enter "a" into the tool. 
- 
-The full HTML tag may look something like: 
- 
-<code html><a href="http://www.geodesicsolutions.com"> go to Geodesic Solutions website</a></code> 
- 
-You would enter the tag as just **a**, leave off the rest of the tag.  Also check the box for **Allowed?** if you wish to allow this new tag that you are adding to the list. 
- 
-Note that the tags on this list are **case insensitive**, meaning that if a tag is on this list and not allowed, it will be removed from text regardless of if the tag is found in the text upper-case, lower-case, or even a combination of both. 
- 
-===== Special: Match without < > ===== 
- 
-**Note:**  This section **removed** in version **5.2.0** and up, as it is no longer needed with the way templates work now.  If you still wish to filter any of these "special" cases, you can do so using the badword replacement feature. 
- 
-{{:admin_menu:site_setup:allowed_html:special_match_without_tag.png|}} 
- 
-This is a list of things you can allow or not allow, that will be matched even if they are not part of a tag.  You cannot add additional things to this list, there is only the pre-defined ones.  If you need to filter out anything else that is not a tag, and not on this special list, we recommend using the **Badwords** tool to do so. 
- 
-If any of the items on this list are not allowed, if it is found anywhere in the text at all, it will be removed.  This can result in un-desired side effects, and for this reason we highly recommend you leave all items on this list as "allowed". 
- 
-See below for an explanation of what each of the patterns on this list does. 
-^ Pattern ^ Common Use ^ Recommendation ^ 
-| **<?** | Open PHP tag | **Doesn't matter** This can be disallowed with little chance of removing something legitimate.  However, allowing it does not pose a security risk((But the paranoid may choose to block it anyways, just in case.)). | 
-| **$** | Start of a variable in PHP | **Allow**.  Dis-allowing this can cause $ removed from text, even when it may just be used as the currency symbol | 
-| **%** | Not sure why this is here. | **Allow**.  Turning this off can inadvertently break the width of things, if the width of something is set to a % value. | 
-| **!** | Not sure why this one is here, either.  | **Allow**.  Your "excited" clients will look like they fail at punctuation if you do not allow this!((Or at least the ones that try to use an exclamation mark (!) at the end of a sentence in the listing description)) | 
-| **?>** | Close PHP Tag | **Doesn't matter**.  Allowing it won't be a security problem.  Dis-allowing it will most likely not cause any accidental removals, since ?> does not come up in every day conversation (unless discussing PHP) | 
- 
- 
-===== Warning: HTML Removed by WYSIWYG ===== 
- 
-Note there may be **inadvertent** tags disallowed if you use the WYSIWYG within your place a listing process.  The WYSIWYG does not have the ability to represent flash or dynamic content within it, among other things.  So even if you allowed the <param>, <object>, ...etc tags to display this content within the WYSIWYG the WYSIWYG itself may remove the tags. 
- 
-The WYSIWYG will also attempt to **auto-correct** HTML according to what it considers is //valid HTML// If your clients use the //HTML// button in the WYSIWYG editor to manually insert or edit the HTML directly, if that HTML is not //valid// (according to what the WYSIWYG editor considers valid), the editor will try to auto-correct the HTML.  Most of the time the effect is fine, as it causes the HTML to be "valid" which search engines (at least Google) seem to prefer.  But sometimes, this can cause problems, for instance it may result in un-expected things happening like things being moved around, resized, or removed altogether as a result of the "auto correcting". 
- 
-In those cases, where the WYSIWYG editor is causing problems with entering the HTML as desired, advise your users to click on **[Add/Remove Editor]** to temporarily turn off the WYSIWYG editor, and they can enter the HTML directly into a normal "textarea" that will not attempt to change or correct the HTML code they enter in. 
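Review bot: The single added line under the "Allowed HTML" heading replaces the whole page with a link, so the security guidance the old text carried is no longer visible here. That covers three statements: asterisk-marked tags are "strongly recommended to not be allowed", "Tags not in this list" should stay disallowed, and changes "will not affect the content already in the system". Confirm that the target page (startup_tutorial_and_checklist:feature_configuration:allowed_html:start) states all three, or keep a one-sentence summary on this stub. The last one matters most, because an admin who disallows a tag could otherwise assume that listings already stored have been cleaned, when the removed tip says they keep the HTML until edited and saved. As a style point, the added sentence has no closing period, and the link label "allowed html support wiki page" should be capitalised to match the heading.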
admin_menu/site_setup/allowed_html/start.1411664133.txt.gz · Last modified: 2017/02/23 07:29 (external edit)