Increasingly, websites are offering a bit of HTML you can paste into your site to show some cool feature: Facebook or Twitter feeds, YouTube videos, badges from one site or another. You try copying and pasting the HTML into a Joomla article or a custom HTML module, and you find that the code gets stripped, removing critical tags like script or iframe, so it doesn’t work correctly. Then you try to go find a Joomla extension that will allow you to post the information. It’s frustrating!
There are two places where code might get stripped or changed inside of Joomla. One is the editor, and one is Joomla itself.
Eliminate code-stripping in the editor
If you are working with TinyMCE, Joomla’s default editor, there is no way to turn off code stripping in Joomla 1.7 that I’ve been able to find. (If you find it, please comment and let me know how you did it.)
Compare what you see in Joomla 1.5 vs. Joomla 1.7 when you go to Extensions – Plugin Manager, Editor-TinyMCE plugin:
You can see there are ways to turn off code-stripping in Joomla 1.5 that simply aren’t available in Joomla 1.7. I don’t know of any way to keep TinyMCE from stripping code in Joomla 1.7.
Eliminate code-stripping in Joomla
The second place code-stripping occurs is from within Joomla itself. Joomla automatically applies a blacklist filter for HTML tags to whatever you enter in any editor. This strips out tags like iframe, embed, object, script, form, and many others.
However, you have excellent control over this in Joomla 1.7. Go to Content – Article Manager, click the Options button in the upper right, and go to the Text Filtering tab.
You will see each user group established for your site, and they are probably all set to Black List (Default) in their dropdown. Mousing over the dropdown in the Filter Type column pulls up a helpful tooltip describing the choices in the dropdown.
- Black List filters the tags listed in the tooltip (iframe, embed, script, etc). You can filter additional tags and attributes by listing them in the columns next to each user group.
- White List allows only the tags and attributes you specify in the Filter Tags and Filter Attributes fields, which are located next to each user group. Tags include p, h2, ul, form, and so forth. An attribute is something that goes within a tag. In the case of the form tag, you might find action or name as attributes. If you choose White List, you may be typing for quite a while listing which tags are permitted!
- No HTML means HTML is simply not permitted and all tags will be stripped when a member of this user group tries to save something.
- No Filtering means no filtering occurs. All tags are accepted.
Perfect, you think. I’ll set this to No Filtering. I can post my feeds and videos and life is beautiful again.
But be careful which group gets the No Filtering filter. In general, your Super Users will have many ways to hurt a website, so you might give it to them. I would certainly not recommend No Filtering for anyone with front-end access. It would be easy for a hacker to put something into your site that shouldn’t be there. No Filtering is a great setting, but be sure you only give it to people you can trust.
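The four Filter Type choices described above, applied to one pasted snippet, as an added example (a simplified Python model, not Joomla's filtering code and not from the original article). The filter-type strings, `GroupFilter`, `apply_filter` and the sample URL are made up for illustration, and the default blacklist holds only the five tags the article names.

```python
from html import escape
from html.parser import HTMLParser

# Tags the article names as stripped by Black List (Default); Joomla's own list is longer.
DEFAULT_BLACKLIST = {"iframe", "embed", "object", "script", "form"}
# Constructed sample: an article paragraph followed by a pasted video embed.
SAMPLE = '<p class="intro">Watch:</p><iframe src="https://video.example/embed/1"></iframe>'

class GroupFilter(HTMLParser):
    def __init__(self, filter_type, tags=(), attrs=()):
        super().__init__(convert_charrefs=False)
        self.filter_type = filter_type           # "blacklist", "whitelist" or "nohtml"
        self.tags = {t.lower() for t in tags}    # the group's Filter Tags field
        self.attrs = {a.lower() for a in attrs}  # the group's Filter Attributes field
        self.out = []

    def tag_ok(self, tag):
        if self.filter_type == "whitelist":
            return tag in self.tags
        return self.filter_type != "nohtml" and tag not in DEFAULT_BLACKLIST | self.tags

    def attr_ok(self, name):
        listed = name in self.attrs
        return listed if self.filter_type == "whitelist" else not listed

    def handle_starttag(self, tag, attrs, end=""):
        if self.tag_ok(tag):  # a rejected tag is dropped; the text it encloses is kept
            kept = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs if self.attr_ok(k))
            self.out.append(f"<{tag}{kept}{end}>")
    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, end=" /")
    def handle_endtag(self, tag):
        if self.tag_ok(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def apply_filter(html, filter_type, tags=(), attrs=()):
    if filter_type == "none":  # No Filtering: saved exactly as entered
        return html
    f = GroupFilter(filter_type, tags, attrs)
    f.feed(html)
    f.close()
    return "".join(f.out)
```

In this model, short of No Filtering, the embed survives only when a White List names both the iframe tag and the src attribute; every other setting saves the paragraph without the video.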