Opened 7 years ago

Closed 6 years ago

#1582 closed improve feature (fixed)

allow basic HTML in forms (htmlpurifier)

Reported by: crumbking
Owned by: sitatara
Priority: minor
Milestone: 2.0
Component: BW Profile
Keywords: html, profile
Cc: shevek


As requested by the community we should enable links in forms like in the profile page.


Change History (12)

comment:1 Changed 7 years ago by crumbking

I tested this issue locally. All forms except the profile summary don't work. HTML links are not converted to links. I guess the bug is somewhere in members/templates/profile.subcolumn_left.php

Last edited 7 years ago by crumbking

comment:2 Changed 7 years ago by jsfan

  • Milestone Future deleted


comment:3 Changed 6 years ago by sitatara

  • Cc shevek added
  • Keywords html profile added
  • Milestone set to unassigned
  • Owner set to sitatara
  • Status changed from new to assigned

It is actually possible to insert links in all text fields. I tested this - see my profile. You just have to enter the link address, no HTML tags.

By the way, we strip the tags in members/members.model.php

Not sure if we should just allow tags in general or only links?

comment:4 Changed 6 years ago by crumbking

The output should go through the htmlpurifier. What kind of HTML tags we are allowing would be the question. I guess links are okay. Also some text formatting options, too.

comment:5 Changed 6 years ago by crumbking

I checked members/templates/profile.subcolumn_left.php again. Seems like everything goes through the purifier, which is fine. Maybe someone changed this in the meanwhile?

comment:6 Changed 6 years ago by sitatara

Yes, everything goes through the purifier but additionally, in members/members.model.php, we use the function strip_tags for most of the profile fields. Do we need this function? Or is the purifier enough?

comment:7 Changed 6 years ago by sitatara

  • Milestone changed from unassigned to 2.0
  • Status changed from assigned to local_testing

I removed the strip_tag function from the text fields in profiles to allow basic html formatting:

Everything still goes through the AdvancedHTMLPurifier. Allowed tags in the purifier are: b,a[href],br,i,strong,em,ol,ul,li,dl,dt,dd,blockquote.

Strip_tags is still used in the fields "Website" (entered URL is "linkified") and "Occupation".

Please test locally and give feedback if you think the changes should be more/less restrictive.

comment:8 Changed 6 years ago by sitatara

  • Status changed from local_testing to to_alpha

comment:9 Changed 6 years ago by sitatara

  • Status changed from to_alpha to testing

comment:10 Changed 6 years ago by sitatara

I tested b, a href, br and i. Those work for me. I also tested ul and li and that didn't work. I guess that's because you need to enter an ul class on BW and if I do that the class is stripped by the purifier, so it doesn't work.
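
Added example, not part of the ticket and not the project's own code: a stock HTML Purifier configured with the allowlist quoted in comment:7, run beside `strip_tags` on constructed inputs so the difference raised in comment:6 and the stripped `ul` class from comment:10 can be seen side by side. The Composer autoload path, the function and constant names, the explicit scheme restriction and the sample strings are assumptions; the project's AdvancedHTMLPurifier wrapper is not shown on this page.

```php
<?php
// Added example (assumption: stock HTML Purifier installed via Composer as
// ezyang/htmlpurifier; the project's AdvancedHTMLPurifier is not used here).
require_once __DIR__ . '/vendor/autoload.php';

// Allowlist exactly as quoted in comment:7.
const PROFILE_ALLOWED = 'b,a[href],br,i,strong,em,ol,ul,li,dl,dt,dd,blockquote';

// Hypothetical helper name; builds a purifier restricted to the allowlist.
function buildProfilePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Elements and attributes not listed here are removed from the output.
    $config->set('HTML.Allowed', PROFILE_ALLOWED);
    // Not mentioned in the ticket: pin link schemes instead of relying on defaults.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    // Disable the on-disk definition cache so no writable cache directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample inputs, one per behaviour discussed in the ticket.
$samples = [
    'basic formatting'   => '<b>Hello</b> and <i>welcome</i><br>',
    'link with handler'  => '<a href="https://example.org/" onclick="x()">my site</a>',
    'script-scheme link' => '<a href="javascript:x()">click</a>',
    'script element'     => 'Hi<script>x()</script>',
    'list with class'    => '<ul class="bullet"><li>one</li></ul>',
];

$purifier = buildProfilePurifier();
foreach ($samples as $label => $html) {
    printf(
        "%s\n  input:      %s\n  strip_tags: %s\n  purifier:   %s\n\n",
        $label,
        $html,
        strip_tags($html),          // removes every tag, including allowed ones
        $purifier->purify($html)    // keeps only allowlisted tags and attributes
    );
}
```

The allowlist grants an attribute only to `a[href]`, so `class` on `ul` and the `onclick` handler are dropped by the purifier, while `strip_tags` removes the markup altogether and leaves only the text.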

comment:11 Changed 6 years ago by shevek

Closed as fixed.

comment:12 Changed 6 years ago by sitatara

  • Resolution set to fixed
  • Status changed from testing to closed