HTMLSanitation in 10.1

I have a number of things added in my 8.5 platform in the HTMLSanitation area. I am working on the upgrade to 10.1 and my configurations are not being used. Based on this documentation page, https://community.telligent.com/community/10/w/legacy-user-documentation/59239/html-sanitization, it looks like it should still work. 

In 8.5 I have the changes in the communityserver-override file. This document talks about them being in the communityserver file itself. I have tried both without success. I also noted that in an OOTB installation there aren't any HTMLSanitation configuration entries in the communityServer config file. 

Where did this configuration move to? Or what am I doing wrong? 

Parents
  • The low-level HTML sanitization options were removed in favor of content filtering which both controls raw HTML support, but also specific integrations and data validation. Content filtering also directly modifies the content editor to reflect the filtering configuration (for example, if you disable file embedding, the file upload options are removed from the UI and the limitation is enforced on the server as well).

    See https://community.telligent.com/community/10/w/user-documentation/59731/how-do-i-control-the-type-and-functionality-of-content-that-can-be-posted-on-my-community for more details.

  • I am not sure that is the answer. The tinyMCE is filtering out the content before it is saved. One specific example is I want to allow a <video> into a post where the video is not hosted in Telligent ... not using the video transcoder and the native renderHTML call. Such as I want to allow this code in a post.

    <video preload="none" width="640" height="360" controls="controls" poster="">someserver.com/.../MyVideo.jpg" id="html5_video_2zam17hm9cs"> <source src="http://someserver.com/videos/videos/MyVideo.mp4" type="video/mp4"> Your browser does not support the HTML5 video tag. </video>

    All TinyMCE leaves me with is the "Your browser does not support the HTML5 video tag."

    Looking at the Filtering configuration panel, I don't see how that allows me to add that this as an allowable option. 

    As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.

    Also, related ... Is the ability to change/rearrange what options are in the tinyMCE controls gone? 

  • Video can be embedded by URL with the existing insert file UI in TinyMCE.

    Alternatively, an extension to the editor can be implemented to support inserting more rich or otherwise unsupported content. See https://community.telligent.com/community/10/w/developer-training/53227/extending-the-content-editor for more details.

    As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.

    The legacy documentation is in the process of being reviewed and migrated to the User Documentation area of this site. That work is not done yet, so some legacy documentation exists that isn't completely accurate. I apologize for the confusion.

    Is the ability to change/rearrange what options are in the tinyMCE controls gone? 

    Yes. The low level access to the editor's configuration caused many support issues. In place of low level HTML sanitization and editor configuration, content filtering exposes options to adjust what UI and functionality is enabled within platform-defined limits.

  • I was afraid you were going to say that. I really didn't want to have to write a plugin. I guess that is what I will have to do. Thanks for the reference. The problem that leaves me with is existing pages with "offending" code. If they are touched as things stand right now, they will lose content and functions without knowing why. 

    One more thing for my upgrade punch list. 

  • The reason we don't support raw video/audio/object tags in source is that the rich editor (TinyMCE) leverages the browser for editing and is subject to the underlying browser's HTML editing capabilities and HTML adjustments. With the video/audio/object tags specifically, we have found that browsers make lossy edits to the raw HTML that TinyMCE does not work around and results in inaccurate editing of these specific tags.

  • One last thing, can you point me to a specific piece of code that implements this type of "HTML Sanitation". 

  • I'm not sure I understand the question. Are you asking for more details about the IEmbeddedContentFragmentType? If yes, here are a few notes based on what I understand of your need so far:

    1. The ContentFragmentName/Description are just used to display this new editor option in the editor. "Insert remote video" for example, may be a good name.
    2. CanEmbed could always return true if you want to allow all users to embed videos.
    3. The embed configuration would likely consist of two URL properties: one for the poster image and one for the video URL.
    4. You wouldn't need to implement AddUpdateContentFragments() since you wouldn't need to store or process the configuration data until render time.
    5. PreviewImageUrl is a URL used to show this item in the Insert menu and as a placeholder image within the content of the editor.
    6. The Render method would read the two URL values from the provided configuration and format the <video> tag appropriately.
Reply
  • I'm not sure I understand the question. Are you asking for more details about the IEmbeddedContentFragmentType? If yes, here are a few notes based on what I understand of your need so far:

    1. The ContentFragmentName/Description are just used to display this new editor option in the editor. "Insert remote video" for example, may be a good name.
    2. CanEmbed could always return true if you want to allow all users to embed videos.
    3. The embed configuration would likely consist of two URL properties: one for the poster image and one for the video URL.
    4. You wouldn't need to implement AddUpdateContentFragments() since you wouldn't need to store or process the configuration data until render time.
    5. PreviewImageUrl is a URL used to show this item in the Insert menu and as a placeholder image within the content of the editor.
    6. The Render method would read the two URL values from the provided configuration and format the <video> tag appropriately.
Children
  • I think that helps. I was thinking in the wrong paradym. I was still thinking about scrubbing where this is about adding a new input type. But will that actually allow code in existing posts to be handled correctly if they are ever edited? I suspect not. 

  • But will that actually allow code in existing posts to be handled correctly if they are ever edited? I suspect not. 

    No, unfortunately, it will not. Once you have the plugin implemented and embed a video and then view the source in the editor, it may be possible to run a schema patch to update old video references to use the format of the new embed type (the URLs and reference to the embed type are serialized into the post body).

    Once you have the plugin setup, ping me and I can help with the clean-up of existing data.

  • Thanks Ben. I appreciate your patience. Bottom line on my original post is the type of HTML Sanitation I had been making use of doesn't exist in 10. I'll have to figure out how big of a problem I have. The <video> tag was the one that came to the top of my mind. I need to figure out what other things might be affected by the changes I had made. Obviously, if we don't edit old stuff we are OK ...

    The Insert media from URL really only has one drawback that at times we find problematic. That is the choice of the Poster shot. Communications people are very particular about what frame they want to use. Having the ability to choose a specific image is a critical factor.