Improve schema for "allowed_html" to provide a better config diff

Created on 20 April 2017, over 7 years ago
Updated 14 March 2024, 10 months ago

Problem/Motivation

I am working on a site which requires quite a specific and detailed element/attribute whitelist. My "allowed_html" setting is 1200 characters long. When updating this, it's impossible to tell from a diff what changed. In addition to this, we've found that changes manually made to the attributes and classes are reverted, chopped and changed by Drupal.behaviors.filterFilterHtmlUpdating erroneously, possibly from a bug in the JS or one of the filters we have installed.

It would be great if the schema that stored these settings provided a better diff.

Proposed resolution

Update the schema to look something like:

    allowed_html:
      type: sequence
      label: 'Allowed HTML'
      sequence:
        type: sequence
        label: 'Attributes'
        sequence:
          type: string
          label: 'Value'

Which would transform settings like:

    allowed_html: '<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type>'

Into:

      allowed_html:
        a:
          href: '*'
          hreflang: '*'
        em: {  }
        strong: {  }
        cite: {  }
        blockquote:
          cite: '*'
        code: {  }
        ul:
          type: '*'
        ol:
          start: '*'
          type: '*'

Remaining tasks

Validate & see if this is something we can achieve without breaking BC.

User interface changes

API changes

Data model changes

Feature request
Status

Needs work

Version

11.0 🔥

Component
Filter 

Last updated 8 days ago

No maintainer
Created by

🇦🇺Australia Sam152


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇦🇺Australia mstrelan

    This is still very relevant today. We should match ckeditor, for example from core/profiles/standard/config/install/editor.editor.basic_html.yml:

    settings:
      plugins:
        ckeditor5_sourceEditing:
          allowed_tags:
            - '<cite>'
            - '<dl>'
            - '<dt>'
            - '<dd>'
            - '<a hreflang>'
            - '<blockquote cite>'
            - '<h2 id>'
            - '<h3 id>'
            - '<h4 id>'
            - '<h5 id>'
            - '<h6 id>'
    
  • 🇵🇰Pakistan isalmanhaider

    I agree that this issue remains pertinent, especially considering the structure used by CKEditor in Drupal core.

    Adopting a similar format for the "allowed_html" setting, as demonstrated in core/profiles/standard/config/install/editor.editor.basic_html.yml, would not only ensure consistency with CKEditor's configuration but also improve clarity and manageability for developers and site administrators.

    Such alignment could greatly enhance user experience and reduce configuration errors.

  • 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺

    This at minimum soft-blocks 📌 [PP-2] Make FilterFormat config entities fully validatable Postponed and potentially hard-blocks it.

  • 🇦🇺Australia acbramley

    Glad I found this issue, this is a problem every single time we change filter formats in any way, especially when (for example) adding new styles.

    What do people think of an interim solution where we keep the existing unstructured string and at the very least sort the tags alphabetically? That would at least alleviate very hard to parse diffs like the following:

    This is an example where a new style had been added to the table element, but all the other tags were randomly reordered.

  • 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺

    #93++ — let's do that here so we can close this already ~100-comment long issue? 😄
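The two ideas in this thread, the structured map from the issue summary and the alphabetical sort proposed as an interim step, shown as an added example; it is not Drupal's parser and not code from any participant. It assumes attribute values are quoted, and the `OLD`/`NEW` strings and all function names are constructed for illustration.

```python
import re

# One '<tag attr attr="v1 v2">' entry; attribute values are assumed quoted.
TAG_RE = re.compile(r"<\s*([A-Za-z][\w-]*)([^<>]*)>")
ATTR_RE = re.compile(r"([\w*-]+)(?:\s*=\s*(?:\"([^\"]*)\"|'([^']*)'))?")

def parse_allowed_html(setting):
    """Return {tag: {attribute: '*' or sorted list of allowed values}}."""
    allowed = {}
    for tag, attr_text in TAG_RE.findall(setting):
        attrs = allowed.setdefault(tag.lower(), {})
        for name, dq, sq in ATTR_RE.findall(attr_text):
            values = (dq or sq).split()
            attrs[name.lower()] = sorted(values) if values else "*"
    return allowed

def canonical_string(allowed):
    """Rebuild the flat string with tags, attributes and values sorted."""
    parts = []
    for tag in sorted(allowed):
        attrs = [name if v == "*" else '%s="%s"' % (name, " ".join(v))
                 for name, v in sorted(allowed[tag].items())]
        parts.append("<%s>" % " ".join([tag] + attrs))
    return " ".join(parts)

def flatten(allowed):
    """One string per permitted tag and per permitted attribute value."""
    items = set(allowed)
    for tag, attrs in allowed.items():
        for name, v in attrs.items():
            items.update("%s[%s=%s]" % (tag, name, x) for x in (["*"] if v == "*" else v))
    return items

def describe_changes(old, new):
    """'+' entries widen the allowlist, '-' entries narrow it."""
    a, b = flatten(parse_allowed_html(old)), flatten(parse_allowed_html(new))
    return ["+ " + x for x in sorted(b - a)] + ["- " + x for x in sorted(a - b)]

# Constructed sample: tags reordered and one class value added to <table>.
OLD = '<a href hreflang> <em> <strong> <table class="striped">'
NEW = '<table class="striped compact"> <strong> <a hreflang href> <em>'

if __name__ == "__main__":
    print(canonical_string(parse_allowed_html(NEW)))
    print(describe_changes(OLD, NEW))
```

Because the comparison runs on the parsed form, reordering alone produces no entries, and a reviewer sees only what was actually added to or removed from the allowlist.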
