How to stop Joomla from stripping HTML tags from form input?
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Mon Mar 23, 2009 5:02 pm
How to stop Joomla from stripping HTML tags from form input?
Hi everyone
My Joomla installation keeps removing all HTML tags from form input. I'm using both tinyMCE and FCKeditor, in differnet modules, but joomla keeps stripping away any HTML tags.
I've made sure everybody is whitelisted in the artickes>parameters, so it's not that. Don't really know what else it could be? Has anybody else had this problem?
yours gratefully . . . simonium
My Joomla installation keeps removing all HTML tags from form input. I'm using both tinyMCE and FCKeditor, in differnet modules, but joomla keeps stripping away any HTML tags.
I've made sure everybody is whitelisted in the artickes>parameters, so it's not that. Don't really know what else it could be? Has anybody else had this problem?
yours gratefully . . . simonium
-
- Joomla! Apprentice
- Posts: 23
- Joined: Sat Dec 20, 2008 9:41 am
- Location: UK
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Hi
I am trawling this forum to find an answer to my HTML form action tag being stripped.
I am trying to enter a form in HTML and Joomla keeps stripping the action tag from the post tag i.e
<form method="post" action="http://www.siteiwanttogoto/index.htmk">
to
<form method="post" >
When I click the save button
Did you ever find an answer to your problem?
Kind regards
Simon
I am trawling this forum to find an answer to my HTML form action tag being stripped.
I am trying to enter a form in HTML and Joomla keeps stripping the action tag from the post tag i.e
<form method="post" action="http://www.siteiwanttogoto/index.htmk">
to
<form method="post" >
When I click the save button
Did you ever find an answer to your problem?
Kind regards
Simon
Simon Champion
joomlainformation - central resource for all things Joomla! related - tutorials, reviews, useful links, Joomla! templates
email: [email protected] - web: http://www.joomlainformation.com
Signature rules - 4 lines only.
joomlainformation - central resource for all things Joomla! related - tutorials, reviews, useful links, Joomla! templates
email: [email protected] - web: http://www.joomlainformation.com
Signature rules - 4 lines only.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Mon Mar 23, 2009 5:02 pm
Re: How to stop Joomla from stripping HTML tags from form input?
I found an answer to my problem alright, I seem to remember posting the solution on the forum but I don't know where it went.
I think what you're looking for is a function in the file "/libraries/phpinputfilter/inputfilter.php", there are two functions called filterTags, and filterAttr respectively, you'll need the look at those functions. (as far as I remember anyway).
hope this helps.
I think what you're looking for is a function in the file "/libraries/phpinputfilter/inputfilter.php", there are two functions called filterTags, and filterAttr respectively, you'll need the look at those functions. (as far as I remember anyway).
hope this helps.
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
I found your response by looking at your previous posts.
Can you elaborate on how you edited those functions? They seem kind of important.
How to stop Joomla from stripping tags from Frontend Input:
edit the file : libraries/joomla/filter/filterinput.php, edit the functions "_cleanTags" and "_remove", problem solved!
Can you elaborate on how you edited those functions? They seem kind of important.
How to stop Joomla from stripping tags from Frontend Input:
edit the file : libraries/joomla/filter/filterinput.php, edit the functions "_cleanTags" and "_remove", problem solved!
Site: http://billengle.info
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Anyone know how? Trying to use in my custom component.
Site: http://billengle.info
-
- Joomla! Apprentice
- Posts: 7
- Joined: Mon Mar 23, 2009 5:02 pm
Re: How to stop Joomla from stripping HTML tags from form input?
sorry for taking so long to get to you, actually the file you need to edit is :
"libraries\joomla\filter\filterinput.php" and the only function you need to edit is the '_remove($source)' function.
I replaced the content of this function with the following code:
I don't know if Joomla's more senior coder's would approve of this method, and there may some security concerns here, I'm not sure, but it fixed the problem for me.
I hope this helps.
"libraries\joomla\filter\filterinput.php" and the only function you need to edit is the '_remove($source)' function.
I replaced the content of this function with the following code:
Code: Select all
function _remove($source) {
// prevent php injection
$source = str_replace("<?", "", $source);
// prevent xss
$source = str_replace("<script", "", $source);
$source = str_replace("</script>", "", $source);
// prevent sql injection
$source = str_replace("'", "'", $source);
return $source;
}
I hope this helps.
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
In Joomla! 1.5.8 (I believe), a default was changed to enable input filtering for Articles. At that time, many people noticed HTML was stripped from input. This change was made for security purposes.
You can adjust text filtering to meet your needs. Here is a wiki entry explaining how to do that: http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
I cannot think of any examples with Joomla! 1.5 where I would recommend a core hack. It would be a good idea to force yourself to not do so - but instead use Google's Advanced Search - and enter joomla.org for the domain - to see if you can find better information. This filter change was also described in the release notes - so, I encourage reading those details when you upgrade.
Hopefully, you backed up the core file you changed. I recommend putting it back to it's delivered state. If you didn't back up the file, you can download a new copy of Joomla!, unzip the distribution into a temporary file, and recover the core file in that manner. Then, upload it to your Web site.
Amy
You can adjust text filtering to meet your needs. Here is a wiki entry explaining how to do that: http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
I cannot think of any examples with Joomla! 1.5 where I would recommend a core hack. It would be a good idea to force yourself to not do so - but instead use Google's Advanced Search - and enter joomla.org for the domain - to see if you can find better information. This filter change was also described in the release notes - so, I encourage reading those details when you upgrade.
Hopefully, you backed up the core file you changed. I recommend putting it back to it's delivered state. If you didn't back up the file, you can download a new copy of Joomla!, unzip the distribution into a temporary file, and recover the core file in that manner. Then, upload it to your Web site.
Amy
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Hi Amy,
Thanks for the response. I actually did try this but don't think it worked (at least for my custom component). Does this also work for custom components or just the articles? I will have to check again as it has been a few days. And yes, I agree that core hacks are probably not the best route.
Thanks.
Thanks for the response. I actually did try this but don't think it worked (at least for my custom component). Does this also work for custom components or just the articles? I will have to check again as it has been a few days. And yes, I agree that core hacks are probably not the best route.
Thanks.
AmyStephen wrote:In Joomla! 1.5.8 (I believe), a default was changed to enable input filtering for Articles. At that time, many people noticed HTML was stripped from input. This change was made for security purposes.
You can adjust text filtering to meet your needs. Here is a wiki entry explaining how to do that: http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
I cannot think of any examples with Joomla! 1.5 where I would recommend a core hack. It would be a good idea to force yourself to not do so - but instead use Google's Advanced Search - and enter joomla.org for the domain - to see if you can find better information. This filter change was also described in the release notes - so, I encourage reading those details when you upgrade.
Hopefully, you backed up the core file you changed. I recommend putting it back to it's delivered state. If you didn't back up the file, you can download a new copy of Joomla!, unzip the distribution into a temporary file, and recover the core file in that manner. Then, upload it to your Web site.
Amy
Site: http://billengle.info
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
I performed the change for Article manager and it actually did save the html formatting for the Article. This did not have an affect on my custom component that uses JCE. It loses the html formatting.
Site: http://billengle.info
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Wager - look at how com_content Article model implements the filtering and make certain it does it the same way for your custom component. Also, remove JCE from the equation during testing to ensure it's not JCE filtering that is causing trouble.
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Well I reviewed the code and I don't see where the option for stripping html is occurring.
Site: http://billengle.info
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Check out the code in administrator/components/com_content/models/article.php -- beginning with // Filter settings .
That should help you work with JFilterInput.
See if it makes sense but feel free to ask, of course, if you have questions.
Good luck!
Amy
That should help you work with JFilterInput.
See if it makes sense but feel free to ask, of course, if you have questions.
Good luck!
Amy
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Hi Amy,
Thanks again for your response. I am on 1.5.10 and did not see this file in the specified location. I see an element.php file but no filter settings section. I will look into JFilterInput to see if I can figure it out. Its all new to me.
Thanks.
Thanks again for your response. I am on 1.5.10 and did not see this file in the specified location. I see an element.php file but no filter settings section. I will look into JFilterInput to see if I can figure it out. Its all new to me.
Thanks.
Site: http://billengle.info
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Well I finally got it based on the below thread. I realized that when I was binding the post (see below bad code) I was actually pulling the original data instead of allowing html. I would recommend against the hack mentioned above as this is an easy and "secure" solution.
http://forum.joomla.org/viewtopic.php?f=474&t=398025
Good code.
Bad code.
http://forum.joomla.org/viewtopic.php?f=474&t=398025
Good code.
Code: Select all
$post = JRequest::get( 'post' );
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWHTML );
if (!$sgrow->bind( $post )) {
Code: Select all
$post = JRequest::get( 'post' );
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWHTML );
if (!$sgrow->bind( JRequest::get( 'post' ) )) {
Site: http://billengle.info
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
So what is the solution for people who just upgraded, expecting to be able to post HTML in the HTML(!) editor?
No matter what code I post, all that is left in the end are the dividers.
No matter what code I post, all that is left in the end are the dividers.
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Not sure. I'm using jce editor with 1.5.10. I didn't have a problem retrieving the data. It was not filtered. In my case it was only filtering when saving.
Site: http://billengle.info
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
How is it possible that filtering is still happening even after I stripped all the tags from filterinput.php?
Is there a master off switch or something?
Thanks
- B
Is there a master off switch or something?
Thanks
- B
-
- Joomla! Intern
- Posts: 89
- Joined: Thu Apr 30, 2009 6:21 pm
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Don't use the hack stated by the OP. All I did was change article params to blacklist for all (see amy's post not sure if this was necessary) and then in my custom component I added the good code see above. No hack required.
Site: http://billengle.info
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
I think we have two focuses in this thread -- each related to HTML tags, but the solutions are different depending on your focus.
First of all, I never recommend hacking core and still do not know of any situation where you would really have to do that.
If you are *using* Joomla! 1.5 and you want your articles to include HTML, but are finding the HTML stripped when you save the article, use this advice:
If you are hacking the core, then you are probably not finding the intended solution which is typically a parameter setting.
Amy
First of all, I never recommend hacking core and still do not know of any situation where you would really have to do that.
If you are *using* Joomla! 1.5 and you want your articles to include HTML, but are finding the HTML stripped when you save the article, use this advice:
If you are creating a Custom Component, and want to use JFilterInput when you save your content, use this advice:AmyStephen wrote:You can adjust text filtering to meet your needs. Here is a wiki entry explaining how to do that: http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
@wager - Sorry I incorrectly had administrator/ in front of that location. Check the location, above.AmyStephen wrote:Check out the code in components/com_content/models/article.php -- beginning with // Filter settings .
If you are hacking the core, then you are probably not finding the intended solution which is typically a parameter setting.
Amy
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
Hi Amy,AmyStephen wrote: If you are *using* Joomla! 1.5 and you want your articles to include HTML, but are finding the HTML stripped when you save the article, use this advice:AmyStephen wrote:You can adjust text filtering to meet your needs. Here is a wiki entry explaining how to do that: http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
That info page raises a few additional questions:
- It mentions these settings for user groups. So why are my (Super Administrator) tags being stripped?
- How do you turn whatever is messing with my posts off? If I post a Form in the html editor, all I'm left with is <div> </div>
Thank you
- Bjorn
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Bjorn -
If I am not mistaken, Joomla! 1.5.10 addressed that issue. There should be NOT be any HTML filtering for Super Administrator if you are at the latest release.
I believe this was the patch to correct that:
http://joomlacode.org/gf/project/joomla ... m_id=14758
If you are not at the latest release (1.5.10 at this writing), then upgrade and that problem should be resolved.
Thanks!
Amy
If I am not mistaken, Joomla! 1.5.10 addressed that issue. There should be NOT be any HTML filtering for Super Administrator if you are at the latest release.
I believe this was the patch to correct that:
http://joomlacode.org/gf/project/joomla ... m_id=14758
If you are not at the latest release (1.5.10 at this writing), then upgrade and that problem should be resolved.
Thanks!
Amy
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
I am on 1.5.10, I upgraded from 1.5.8 when the update came out.
Cheers
- Bjorn
Cheers
- Bjorn
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Bjorn -
Have you used the instructions on this page? http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
If not, try those instructions and see if you can post your form.
Amy
Have you used the instructions on this page? http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
If not, try those instructions and see if you can post your form.
Amy
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
Hi Amy,
I did follow the instructions with no luck.
Not all tags are being removed, just some of them.
For example, posting this code works:
The following code which is just a button doesn't work:
In fact, after posting that into the html editor - upon reopening the editor all that is left is:
I did follow the instructions with no luck.
Not all tags are being removed, just some of them.
For example, posting this code works:
Code: Select all
<object width="800" height="540"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=4566083&server=vimeo.com&show_title=1&show_byline=0&show_portrait=0&color=00ADEF&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=4566083&server=vimeo.com&show_title=1&show_byline=0&show_portrait=0&color=00ADEF&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="800" height="540"></embed></object><p><a href="http://vimeo.com/4566083">This one time...</a> from <a href="http://vimeo.com/user903988">nelson boles</a> on <a href="http://vimeo.com">Vimeo</a>.</p>
Code: Select all
<form action='https://www.2checkout.com/2co/buyer/purchase' method='post'>
<div>
<input type='hidden' name='sid' value='1252191'>
<input type='hidden' name='quantity' value='1'>
<input type='hidden' name='product_id' value='19'>
<input name='submit' type='submit' value='Buy from 2CO' >
</div>
</form>
Code: Select all
<div> </div>
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
If you are using the tiny MCE Editor you may also want to adjust these settings in the plugin
Code Cleanup on Startup Off On
Code cleanup on save Never Front Only. Always
Do not clean HTML entities. Yes No
Code Cleanup on Startup Off On
Code cleanup on save Never Front Only. Always
Do not clean HTML entities. Yes No
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Champion
- Posts: 7018
- Joined: Wed Nov 22, 2006 3:35 pm
- Location: Nebraska
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Dave -
I added your additions to the bottom of that Wiki page - will you please review and see if it makes sense?
http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
Thanks!
Amy
I added your additions to the bottom of that Wiki page - will you please review and see if it makes sense?
http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F
Thanks!
Amy
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
Works for me
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
- Empowermom
- Joomla! Apprentice
- Posts: 29
- Joined: Sun Mar 16, 2008 12:47 pm
- Location: Chickamauga, GA
- Contact:
Re: How to stop Joomla from stripping HTML tags from form input?
May also want to check:
JOOMLA ARTICLE PARAMETERS-> FILTERS:
You MUST have at least TWO people whitelisted. Since I'm currently working offline on a new site and I'm the only user, I created a second logon for myself and now I am two SuperAdmins. Next, I Blacklisted everyone EXCEPT the Admins and SuperAdmins (that's both of Me).
Also, DO NOT include any filters or tags when you do this.
JOOMLA ARTICLE PARAMETERS-> FILTERS:
You MUST have at least TWO people whitelisted. Since I'm currently working offline on a new site and I'm the only user, I created a second logon for myself and now I am two SuperAdmins. Next, I Blacklisted everyone EXCEPT the Admins and SuperAdmins (that's both of Me).
Also, DO NOT include any filters or tags when you do this.
Joomla! Don't design without it.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 09, 2009 12:32 pm
Re: How to stop Joomla from stripping HTML tags from form input?
Excellent!dhuelsmann wrote:If you are using the tiny MCE Editor you may also want to adjust these settings in the plugin
Code Cleanup on Startup Off On
Code cleanup on save Never Front Only. Always
Do not clean HTML entities. Yes No
Code cleanup on save was set to Always. I set it to Never.
Now I can post the button code.
Its not an accurate function description though. This fixes the code cleanup I got when updating the HTML editor. I didn't realize that counts as "save".
Anyway, thank you Dhuelsmann and Amy!
- Bjorn
-
- Joomla! Fledgling
- Posts: 2
- Joined: Thu May 21, 2009 1:24 am
Re: How to stop Joomla from stripping HTML tags from form input?
Hi There,
I have encountered the same HTML tag stripping issue in Joomla 1.5.10, but my efforts to fix it by the altering the text filtering in the Article Manager Parameters - the method recommended above (and in other forums) - has been frustrated by the fact that the Global Configurations panel that comes up when I click on Parameters in the Article Manater toolbar only extends as far as the following radio button optiony:
For each feed item show Intro Text Full Text
It does not continue to include the expected Filtering Options section where I can change the blacklist / whitelist settings. Any ideas as to why this is. I am completely stumped.
Thanks in advance,
Matt
I have encountered the same HTML tag stripping issue in Joomla 1.5.10, but my efforts to fix it by the altering the text filtering in the Article Manager Parameters - the method recommended above (and in other forums) - has been frustrated by the fact that the Global Configurations panel that comes up when I click on Parameters in the Article Manater toolbar only extends as far as the following radio button optiony:
For each feed item show Intro Text Full Text
It does not continue to include the expected Filtering Options section where I can change the blacklist / whitelist settings. Any ideas as to why this is. I am completely stumped.
Thanks in advance,
Matt