Be able to set the allowed HTML tags in a blog post


TinyMCE filters the HTML tags that you're allowed to use. It would be nice if you could add additional allowed tags to let you do things like embed YouTube clips.

It would be even better if you could set this differently for different users and for different content types.
Closed Mar 9, 2011 at 6:18 AM by JilkaBian


RichardGarside wrote Aug 5, 2010 at 12:17 AM

For now, I've just editted tinyMCE.init({

and added:

extended_valid_elements: "canvas[id,width,height],script[src,type]"

So I can write a blog post that includes my canvas tag experiments.

BertrandLeRoy wrote Aug 6, 2010 at 7:40 PM

This could be made a setting for the body part. Could be a nice, easy contribution too. ;)

RichardGarside wrote Aug 7, 2010 at 5:24 PM

I'll have a go once I've successfully completed my first module.

JasonBunting wrote Nov 14, 2010 at 11:44 PM

Any movement on someone enhancing the TinyMce module?

I ran into the problem mentioned trying to use additional HTML5 tags and needed to modify the same property, extended_valid_elements; it would be really nice to have a way of configuring these additional valid elements, as well as arbitrarily including/excluding them on a per-user basis.

If a miracle happens and I am able to find time, perhaps I will try to work this into the TinyMce module myself - but that's highly unlikely considering my current workload, unfortunately.

RichardGarside wrote Nov 15, 2010 at 10:14 AM

This has been put on the back burner for me. I will try to come back to it, but it's unlikely I'll get a chance before version 1 of Orchard comes out. If anyone else feels like making this module, then please feel free.

rpaquay wrote Nov 17, 2010 at 10:40 PM

Nathan, this is related to another bug. Is this easy/safe to do for v1?

BertrandLeRoy wrote Dec 9, 2010 at 7:08 PM

How does this filter make any sense in the first place? Can we disable all filtering and be done with it?

skewed wrote Dec 9, 2010 at 8:18 PM

Here's the info on the default filter -> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements
and the way to modify/extend it -> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/extended_valid_elements

I don't think it would work to enable setting of extended_valid_elements in a BodyPart setting since the BodyPart is editor agnostic. A site setting with a textarea for that setting would be a simple solution and better than what we have now.

The filter could be useful if someone is putting users into author roles (or in any case) where it's likely stuff you don't want published is pasted into the editor. Sure, we could probably let everything through by default but then we're left again with something that isn't configurable other than by theming the tinymce editor template. Not a terrible solution either but would require some technical knowledge to apply the override.

So, with the time we have left to take care of this for the next release. Site setting to modify what's allowed or allow everything and recommend theming the template (even provide an example) to override the filter - or leave it as-is with the same recommendation.

BertrandLeRoy wrote Dec 9, 2010 at 9:35 PM

What I still don't understand is how that helps at all given the server is not re-doing the same validation. The way I see it, it seems to be more to ensure consistent style than a security measure (if it was it's utterly inefficient and badly designed unless I'm missing something). It seems like the lowest cost here is to add, statically, without a setting, the tags necessary for video to work (both HTML 5 and Flash/SL video).
If we do that, let's open a separate bug to make that configurable, that we will move to 1.0+.

skewed wrote Dec 9, 2010 at 11:44 PM

Yeah, the filter is definitely not not there for security, it's still just a textarea in a form.

I thought there was anther bug for needing iframes to stick too. I don't mind hardcoding the additional valid elements for now especially if we catch the common asks. You mentioned tags necessary for embedding video, the first comment here lists canvas and script and I have needed to allow iframes to stick a map inline on one of my sites....

BertrandLeRoy wrote Dec 10, 2010 at 12:08 AM

Alright. Assigning to you then.

BertrandLeRoy wrote Dec 10, 2010 at 12:09 AM

I created http://orchard.codeplex.com/workitem/17006 to take care of this in a more generic and scalable manner.

skewed wrote Dec 11, 2010 at 12:16 AM

Added a bunch of additional elements to support what's been requested (w/ changeset 9ca443abea96).

I have the canvas and script tags from @RichardGarside 's comment, video, audio and source tags for html5 audio and video, object, param and embed for flash, silverlight, etc. and iframe all in there.

Here's the raw value:
extended_valid_elements: "canvas[id|width|height],script[src|type]," +
        "object[classid|codebase|width|height|align|name|id],param[name|value],embed[quality|type|pluginspage|width|height|src|align]," +
        "iframe[src|frameborder|width|height|scrolling|name|id]," +
Anything else need to make it in for 1.0?

jakeflamingau wrote May 7, 2014 at 9:16 AM

For responsive behavior and search engine friendlessness HTML tags in blog post is a good idea. There is a add-on name web developer, that might be helpful to analyze the blog content.
Stay at my website - http://www.technocrab.com/

optratec wrote Feb 3, 2015 at 11:11 AM

that is good idea for insert HTML tag in blog post. mainly heading tag are useful in the content optimization like h1 show title. its a navigation and helps search engine friendly
ref- https://www.optratec.com/

susanquillin4 wrote Jun 26, 2016 at 6:47 AM

@RichardGarside Superb idea.. I used your trick and now I am able to HTML.. I have used it on my website http://kilobytes.in/services/web-design-mumbai-india/ and will use it more on other websites too..