I have a number of things added in my 8.5 platform in the HTMLSanitation area. I am working on the upgrade to 10.1 and my configurations are not being used. Based on this documentation page, https://community.telligent.com/community/10/w/legacy-user-documentation/59239/html-sanitization, it looks like it should still work.
In 8.5 I have the changes in the communityserver-override file. This document talks about them being in the communityserver file itself. I have tried both without success. I also noted that in an OOTB installation there aren't any HTMLSanitation configuration entries in the communityServer config file.
Where did this configuration move to? Or what am I doing wrong?
The low-level HTML sanitization options were removed in favor of content filtering which both controls raw HTML support, but also specific integrations and data validation. Content filtering also directly modifies the content editor to reflect the filtering configuration (for example, if you disable file embedding, the file upload options are removed from the UI and the limitation is enforced on the server as well).
See https://community.telligent.com/community/10/w/user-documentation/59731/how-do-i-control-the-type-and-functionality-of-content-that-can-be-posted-on-my-community for more details.
I am not sure that is the answer. The tinyMCE is filtering out the content before it is saved. One specific example is I want to allow a <video> into a post where the video is not hosted in Telligent ... not using the video transcoder and the native renderHTML call. Such as I want to allow this code in a post.
<video preload="none" width="640" height="360" controls="controls" poster="">someserver.com/.../MyVideo.jpg" id="html5_video_2zam17hm9cs"> <source src="http://someserver.com/videos/videos/MyVideo.mp4" type="video/mp4"> Your browser does not support the HTML5 video tag. </video>
All TinyMCE leaves me with is the "Your browser does not support the HTML5 video tag."
Looking at the Filtering configuration panel, I don't see how that allows me to add that this as an allowable option.
As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.
Also, related ... Is the ability to change/rearrange what options are in the tinyMCE controls gone?
Video can be embedded by URL with the existing insert file UI in TinyMCE.
Alternatively, an extension to the editor can be implemented to support inserting more rich or otherwise unsupported content. See https://community.telligent.com/community/10/w/developer-training/53227/extending-the-content-editor for more details.
Bill Corley said:As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.
The legacy documentation is in the process of being reviewed and migrated to the User Documentation area of this site. That work is not done yet, so some legacy documentation exists that isn't completely accurate. I apologize for the confusion.
Bill Corley said:Is the ability to change/rearrange what options are in the tinyMCE controls gone?
Yes. The low level access to the editor's configuration caused many support issues. In place of low level HTML sanitization and editor configuration, content filtering exposes options to adjust what UI and functionality is enabled within platform-defined limits.
I was afraid you were going to say that. I really didn't want to have to write a plugin. I guess that is what I will have to do. Thanks for the reference. The problem that leaves me with is existing pages with "offending" code. If they are touched as things stand right now, they will lose content and functions without knowing why.
One more thing for my upgrade punch list.
The reason we don't support raw video/audio/object tags in source is that the rich editor (TinyMCE) leverages the browser for editing and is subject to the underlying browser's HTML editing capabilities and HTML adjustments. With the video/audio/object tags specifically, we have found that browsers make lossy edits to the raw HTML that TinyMCE does not work around and results in inaccurate editing of these specific tags.
One last thing, can you point me to a specific piece of code that implements this type of "HTML Sanitation".
I'm not sure I understand the question. Are you asking for more details about the IEmbeddedContentFragmentType? If yes, here are a few notes based on what I understand of your need so far:
I think that helps. I was thinking in the wrong paradym. I was still thinking about scrubbing where this is about adding a new input type. But will that actually allow code in existing posts to be handled correctly if they are ever edited? I suspect not.