The pillars of Drupal's text handling are filters and input formats. A filter is a set of rules that transforms text in some way (stripping disallowed HTML tags, converting line breaks, turning URLs into links); an input format is an ordered collection of filters, applied in sequence. Any user-supplied text that is displayed to the browser should be run through the filters of an input format first, via check_markup(), rather than being printed raw.
The Filter core module allows you to configure formats for text input for your site.
- In Drupal 7, these settings are under "Text formats" on the "Configuration" screen.
- In Drupal 6 and earlier, these settings are under "Input formats" in the "Site Configuration" area.
Drupal's Core Filters
- HTML Filter
- Line Break Converter
- URL Filter
- PHP Evaluator
Drupal's Core Input Formats
- Filtered HTML
- PHP Code
- Full HTML
Best Practices
Whenever working with user-generated content, it's always best to keep input format settings as secure as possible. Here are some things to consider:
- The "Full HTML" input format passes markup through unfiltered. Anyone allowed to post in it can inject script (cross-site scripting) that runs in the browser of every visitor who views the content, including administrators. Grant it only to roles you trust completely.
- The PHP filter is especially dangerous: it executes arbitrary PHP with the privileges of the web server, which means full access to your site's database and files, not just "code-driven queries". Anyone who can post in the "PHP code" format can take over the site. Grant this input format only to users who are not only trusted but really know what they are doing with PHP and Drupal: a one-character typo becomes a fatal error on every page that renders that content. (The PHP filter module was dropped from core in Drupal 8 for exactly these reasons.)
- Note that blanket inclusion of a tag like <img> in an allowed-tags list could result in someone posting an image that is simply too big for your page layout, breaking the site. Explore contributed modules to upload and resize images so they fit nicely on your site.
- Explore contributed modules to install special filters that allow video embeds, references to other posts, and so on. See http://drupal.org/node/779080 for documentation on many modules to extend and enhance input filters.
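The following Drupal 7 script is an added example for the best practices above; it is not part of the original article and not code from Drupal or any contributed module. It lists, for every text format, which roles may use it and which filters it runs, flags the two formats singled out above, and then renders one constructed test string through "Filtered HTML" and "Full HTML" to show the difference. It assumes the default machine names filtered_html, full_html and php_code (the format the PHP filter module creates) and that it is run with drush from the site root.

```php
<?php
/**
 * Added example, not from the original article: audit text-format exposure
 * on a Drupal 7 site. Run from the site root with
 *   drush php-script audit_text_formats.php
 * so that Drupal is bootstrapped before the code runs.
 *
 * Assumptions: the default machine names 'filtered_html', 'full_html' and
 * 'php_code' (the format created by the PHP filter module). Adjust
 * $dangerous if the formats on your site were renamed.
 */

$dangerous = array('full_html', 'php_code');

/**
 * Lists, per text format, the roles allowed to use it and the filters it runs.
 */
function audit_text_formats(array $dangerous) {
  foreach (filter_formats() as $format) {
    // Every format except the fallback one is guarded by the permission
    // "use text format <machine name>". filter_permission_name() returns
    // FALSE for the fallback format, which everyone may use.
    $perm = filter_permission_name($format);
    $roles = $perm ? user_roles(FALSE, $perm) : array('everyone (fallback format)');

    // Enabled filters inside this format, e.g. filter_html, filter_autop,
    // filter_url. A 'php_code' entry here means the PHP evaluator is active.
    $enabled = array();
    foreach (filter_list_format($format->format) as $name => $filter) {
      if ($filter->status) {
        $enabled[] = $name;
      }
    }

    $flag = in_array($format->format, $dangerous, TRUE) ? '  <-- review who holds this' : '';
    printf("%-14s %-14s roles: %s%s\n", $format->format, $format->name,
      $roles ? implode(', ', $roles) : '(none)', $flag);
    printf("%-14s %-14s filters: %s\n", '', '', implode(', ', $enabled));
  }
}

/**
 * Shows why "Full HTML" is the risk described above: the same constructed
 * payload rendered through two formats.
 */
function demo_format_difference() {
  // Constructed test string: an image tag carrying an event-handler attribute.
  $payload = '<p>Hello</p><img src="x" onerror="alert(1)">';
  // Filtered HTML removes <img> entirely; it is not in the allowed-tags list.
  print "filtered_html: " . check_markup($payload, 'filtered_html') . "\n";
  // Full HTML passes the markup through; the handler attribute reaches the browser.
  print "full_html:     " . check_markup($payload, 'full_html') . "\n";
}

audit_text_formats($dangerous);
demo_format_difference();
```

Read the first report as a permissions audit: the "authenticated user" or "anonymous user" role should never appear next to full_html or php_code, and php_code should not show up in the filter list of any format you did not deliberately configure it into.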
Many More Filters Available
- BBCode - Allows users to specify markup using BBCode.
- Code Filter - Renders syntax-highlighted PHP code. This module is used on Drupal.org.
- DruTex - A LaTeX renderer that can, among other things, render mathematical formulas and generate PDFs of nodes.
- Inline Filter - Uses a [inline:filename.jpg] syntax to allow for inline images or file links.
- Paging Filter - Break long pages into smaller ones by means of a "page" tag.
- Pirate Filter - Turns English into Pirate speak.
- Smileys - Parses smiley character combinations and replaces them with inline smiley images.
- Word Filter - Filters a list of restricted words.
The filtering of output is an essential part of web publishing and one of Drupal's great strengths. Understanding the difference between input formats and filters, and how to configure each, is an essential step in becoming a great Drupal site administrator. Drupal modules can implement filters to make your site powerful and fun.
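As an added example of a module implementing a filter (this is illustration code written for this page, not the article's code and not the Inline Filter module listed above, whose [inline:filename] syntax it merely borrows), here is a minimal Drupal 7 module under the hypothetical name "safeinline". The security point it demonstrates is that a filter's output is not re-checked by the filters that ran before it, so any markup a custom filter builds from user text must be validated and escaped by the filter itself.

```php
<?php
/**
 * Added example, not from the original article or any contributed module:
 * a minimal Drupal 7 module, hypothetically named "safeinline", defining one
 * filter that turns [inline:name.jpg] into an <img> tag for a file in the
 * public files directory.
 *
 * Files assumed: sites/all/modules/safeinline/safeinline.module (this file)
 * and safeinline.info containing at least "name = Safe inline images" and
 * "core = 7.x".
 */

/**
 * Implements hook_filter_info().
 */
function safeinline_filter_info() {
  $filters['safeinline_img'] = array(
    'title' => t('Inline images'),
    'description' => t('Replaces [inline:filename] with an image from the public files directory.'),
    'process callback' => '_safeinline_process',
    'tips callback' => '_safeinline_tips',
    // The output depends only on the input text, so it can be cached per format.
    'cache' => TRUE,
  );
  return $filters;
}

/**
 * Process callback: receives the text after every lower-weight filter has run.
 *
 * If this filter is placed after the core HTML filter (so its <img> survives),
 * nothing it emits is checked again. Every value derived from user text is
 * therefore validated against an allow-list and escaped before it is placed
 * in markup.
 */
function _safeinline_process($text, $filter, $format, $langcode, $cache, $cache_id) {
  return preg_replace_callback('/\[inline:([^\]]+)\]/', '_safeinline_replace', $text);
}

/**
 * Replaces one [inline:...] token.
 */
function _safeinline_replace(array $matches) {
  $name = $matches[1];
  // Allow-list: a bare file name with an image extension. No path separators,
  // no "..", no quotes or angle brackets. Anything else is left exactly as
  // typed, so the rest of the format's filters treat it as ordinary text.
  if (!preg_match('/^[A-Za-z0-9_-]+\.(png|jpe?g|gif)$/i', $name)) {
    return $matches[0];
  }
  // file_create_url() turns the stream URI into an absolute URL; check_plain()
  // escapes both values for the attribute context they are inserted into.
  $url = file_create_url('public://' . $name);
  return '<img src="' . check_plain($url) . '" alt="' . check_plain($name) . '" />';
}

/**
 * Tips callback: the help text shown under the text area for this filter.
 */
function _safeinline_tips($filter, $format, $long = FALSE) {
  return t('Use [inline:filename.jpg] to show an image from the files directory.');
}
```

After enabling the module, add the filter to a text format on the "Text formats" configuration screen and drag it below "Limit allowed HTML tags" in the processing order; otherwise the HTML filter strips the generated <img>. That ordering is precisely why the filter validates and escapes its own output rather than relying on a filter that may run before it or not at all.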
By Bhavin Ahya, Consultant, CIGNEX India Office