I have a number of things added in my 8.5 platform in the HTMLSanitation area. I am working on the upgrade to 10.1 and my configurations are not being used. Based on this documentation page, https://community.telligent.com/community/10/w/legacy-user-documentation/59239/html-sanitization, it looks like it should still work.
In 8.5 I have the changes in the communityserver-override file. This document talks about them being in the communityserver file itself. I have tried both without success. I also noted that in an OOTB installation there aren't any HTMLSanitation configuration entries in the communityServer config file.
Where did this configuration move to? Or what am I doing wrong?
The low-level HTML sanitization options were removed in favor of content filtering which both controls raw HTML support, but also specific integrations and data validation. Content filtering also directly modifies the content editor to reflect the filtering configuration (for example, if you disable file embedding, the file upload options are removed from the UI and the limitation is enforced on the server as well).
See https://community.telligent.com/community/10/w/user-documentation/59731/how-do-i-control-the-type-and-functionality-of-content-that-can-be-posted-on-my-community for more details.
I am not sure that is the answer. The tinyMCE is filtering out the content before it is saved. One specific example is I want to allow a <video> into a post where the video is not hosted in Telligent ... not using the video transcoder and the native renderHTML call. Such as I want to allow this code in a post.
<video preload="none" width="640" height="360" controls="controls" poster="">someserver.com/.../MyVideo.jpg" id="html5_video_2zam17hm9cs"> <source src="http://someserver.com/videos/videos/MyVideo.mp4" type="video/mp4"> Your browser does not support the HTML5 video tag. </video>
All TinyMCE leaves me with is the "Your browser does not support the HTML5 video tag."
Looking at the Filtering configuration panel, I don't see how that allows me to add that this as an allowable option.
As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.
Also, related ... Is the ability to change/rearrange what options are in the tinyMCE controls gone?
Video can be embedded by URL with the existing insert file UI in TinyMCE.
Alternatively, an extension to the editor can be implemented to support inserting more rich or otherwise unsupported content. See https://community.telligent.com/community/10/w/developer-training/53227/extending-the-content-editor for more details.
Bill Corley said:As a side note, if the HTMLSanitation stuff no longer works in 10 it shouldn't be in the 10 documentation. Just say'in.
The legacy documentation is in the process of being reviewed and migrated to the User Documentation area of this site. That work is not done yet, so some legacy documentation exists that isn't completely accurate. I apologize for the confusion.
Bill Corley said:Is the ability to change/rearrange what options are in the tinyMCE controls gone?
Yes. The low level access to the editor's configuration caused many support issues. In place of low level HTML sanitization and editor configuration, content filtering exposes options to adjust what UI and functionality is enabled within platform-defined limits.
One last thing, can you point me to a specific piece of code that implements this type of "HTML Sanitation".
I'm not sure I understand the question. Are you asking for more details about the IEmbeddedContentFragmentType? If yes, here are a few notes based on what I understand of your need so far:
I think that helps. I was thinking in the wrong paradym. I was still thinking about scrubbing where this is about adding a new input type. But will that actually allow code in existing posts to be handled correctly if they are ever edited? I suspect not.
Bill Corley said:But will that actually allow code in existing posts to be handled correctly if they are ever edited? I suspect not.
No, unfortunately, it will not. Once you have the plugin implemented and embed a video and then view the source in the editor, it may be possible to run a schema patch to update old video references to use the format of the new embed type (the URLs and reference to the embed type are serialized into the post body).
Once you have the plugin setup, ping me and I can help with the clean-up of existing data.
Thanks Ben. I appreciate your patience. Bottom line on my original post is the type of HTML Sanitation I had been making use of doesn't exist in 10. I'll have to figure out how big of a problem I have. The <video> tag was the one that came to the top of my mind. I need to figure out what other things might be affected by the changes I had made. Obviously, if we don't edit old stuff we are OK ...
The Insert media from URL really only has one drawback that at times we find problematic. That is the choice of the Poster shot. Communications people are very particular about what frame they want to use. Having the ability to choose a specific image is a critical factor.