
Restricting allowed elements

indigoxela edited this page Sep 7, 2024 · 10 revisions

Below is a quick example for a restricted profile.

filter_allowed_html is the setting for the Filter module: it controls which tags are allowed to be displayed after saving. These elements get merged into the "Limit allowed HTML tags" filter in the admin form at /admin/config/content/formats/FORMAT (this acts as an allowlist for the display).

valid_elements is the TinyMCE setting that controls which tags are allowed when editing (default: not set). All other tags get removed (their text content is kept), and all attributes that are not explicitly listed get stripped.

Additionally, this example profile uses the default "link" plugin instead of "backdroplink" and restricts its settings to only URL and text, which makes it appropriate, for example, for comments from anonymous users.

Find more info about TinyMCE filtering options in their documentation.

{
    "_config_name": "tinymce.profiles.restricted",
    "name": "restricted",
    "label": "Restricted",
    "filter_allowed_html": "a,em,strong,cite,blockquote,ul,ol,li,h3,h4,h5,p,span",
    "tiny_options": {
        "valid_elements": "a[!href],em,strong,cite,blockquote,ul,ol,li,h3,h4,h5,#p,-span",
        "menubar": false,
        "toolbar": "bold italic blockquote | styles | bullist numlist | link unlink",
        "plugins": "link lists autoresize",
        "link_target_list": false,
        "link_title": false,
        "style_formats": [
            {
                "title": "Paragraph",
                "format": "p"
            },
            {
                "title": "Heading 3",
                "format": "h3"
            },
            {
                "title": "Heading 4",
                "format": "h4"
            },
            {
                "title": "Heading 5",
                "format": "h5"
            }
        ]
    }
}
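A consistency check for the two allowlists in this profile, as an added example that is not part of the wiki or the module's code: it parses valid_elements and compares the resulting tag set with filter_allowed_html, so a tag added to only one of the two settings is reported. The function names and the `drifted` sample are constructed for illustration, and the parser covers only the syntax used above ("#" and "-" prefixes, "[attr|!attr]" lists) plus "/" synonyms.

```javascript
// Parse a TinyMCE valid_elements string into Map(tag -> allowed attributes).
function parseValidElements(spec) {
  const rules = new Map();
  // Split on commas that are not inside an [attribute] list.
  for (const item of spec.split(/,(?![^\[]*\])/)) {
    // Optional "#" (pad empty) or "-" (remove empty) prefix, name, [attrs].
    const m = item.trim().match(/^[#\-]?([^\[]+)(?:\[([^\]]*)\])?$/);
    if (!m) continue;
    // "!" marks a required attribute; it is still an allowed attribute.
    const attrs = (m[2] || "").split("|").filter(Boolean)
      .map((a) => a.replace(/^!/, ""));
    for (const tag of m[1].split("/")) rules.set(tag.toLowerCase(), attrs);
  }
  return rules;
}

// Compare the editor allowlist with the Filter module's display allowlist.
function compareProfile(profile) {
  const display = new Set(profile.filter_allowed_html.split(",")
    .map((t) => t.trim().toLowerCase()).filter(Boolean));
  const editor = parseValidElements(profile.tiny_options.valid_elements);
  return {
    // Kept by the editor, but stripped by the Filter module on display.
    editorOnly: [...editor.keys()].filter((t) => !display.has(t)),
    // Allowed on display, but removed by TinyMCE while editing.
    displayOnly: [...display].filter((t) => !editor.has(t)),
    // Attributes the editor keeps, per tag.
    attributes: Object.fromEntries([...editor].filter(([, a]) => a.length)),
  };
}

// Values copied from the restricted profile above.
const restricted = {
  filter_allowed_html: "a,em,strong,cite,blockquote,ul,ol,li,h3,h4,h5,p,span",
  tiny_options: {
    valid_elements:
      "a[!href],em,strong,cite,blockquote,ul,ol,li,h3,h4,h5,#p,-span",
  },
};
// Constructed sample: "img" was added to the editor setting only.
const drifted = {
  filter_allowed_html: restricted.filter_allowed_html,
  tiny_options: { valid_elements: "a[!href],em,strong,#p,img[src|alt]" },
};

console.log(compareProfile(restricted));
console.log(compareProfile(drifted));
```

For the profile above both difference lists come back empty and the only attribute kept is href on a; the constructed sample reports img as editor-only.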