Controlling HTML Input

An important feature of Forum is that it allows you to define white lists of HTML elements and attributes that the users may use when creating postings and article comments.

Preventing users from entering unwanted markup is important for many reasons. First of all, the markup may alter the design of your web page. More seriously, a user may inject markup and JavaScript that loads content from other sites and displays it on your page, or insert markup that redirects your visitors to external web sites without their wanting, or knowing, it.

For these reasons, Forum by default allows the user to input only the following HTML elements:

  • p

  • br

  • b

  • strong

  • i

  • em

  • u

  • code

  • cite

  • blockquote

  • acronym

  • strike

Similarly, the default white list for attributes is:

  • title

  • cite

You may change these white lists by editing the /com/escenic/forum/presentation/PresentationManager Nursery component inside your publication.
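
To show what white-list filtering with the default lists above does to a posting, here is an added Python example; it is not Escenic code and not Forum's own implementation. The names WhiteListFilter and filter_posting, and the choice to discard the text inside script and style elements, are assumptions of the example.

```python
from html import escape
from html.parser import HTMLParser

# Default white lists exactly as listed on this page.
ALLOWED_ELEMENTS = {"p", "br", "b", "strong", "i", "em", "u", "code",
                    "cite", "blockquote", "acronym", "strike"}
ALLOWED_ATTRIBUTES = {"title", "cite"}
# Assumption of this example: the text inside these elements is dropped too.
DROP_CONTENT = {"script", "style"}

class WhiteListFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_ELEMENTS:
            kept = "".join(f' {k}="{escape(v or "", quote=True)}"'
                           for k, v in attrs if k in ALLOWED_ATTRIBUTES)
            self.out.append(f"<{tag}{kept}>")
            if tag != "br":            # br is a void element, never closed
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            # Close anything opened after it so the output stays well-formed.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            # Re-escape text so decoded entities cannot turn into markup.
            self.out.append(escape(data, quote=False))

def filter_posting(html):
    f = WhiteListFilter()
    f.feed(html)
    f.close()
    # Close whatever the user left open.
    f.out.extend(f"</{t}>" for t in reversed(f.open_tags))
    return "".join(f.out)
```

Elements and attributes outside the lists are removed while their text is kept, so a link loses its tag and href but its label survives.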