Filter content being saved to your intranet
ThoughtFarmer allows content to be filtered during save. This prevents unwanted content, which in some cases can be a security risk, from being saved in your database.
For enhanced security, use the "Enhanced security filter set" shown in the filter sections below.
Content Filters
These are content filters created by ThoughtFarmer. Content filters are only applied once a page is saved.
Change the content filters
- Go to the Admin panel: Advanced section > Configuration Settings page.
- Type rich in the Search config settings field to narrow the list of config settings.
- Search for the config setting
- Click in the Value column, and enter a comma-separated list of filters.
- Click Save.
System filters: FixObjectTags, ConvertImageAttributesToSrcParameters, ConvertUrlsToAnchors, ConvertEmailsToMailTos. These filters are used internally by ThoughtFarmer to perform basic content cleanup tasks. These filters should not be removed.
Enhanced security filter set: ConvertImageAttributesToSrcParameters, FixObjectTags, ConvertUrlsToAnchors, StripHtmlComments, StripHtmlStyleTags, ConvertEmailsToMailTos, ScrubHtml
| Filter | Description |
|---|---|
| FixObjectTags (system) | Tidies up object tags to make sure that they have a wmode attribute. |
| ConvertImageAttributesToSrcParameters (system) | An internal filter used to manage the properties of images uploaded into ThoughtFarmer. It should not be removed from the list of applied filters. |
| ConvertUrlsToAnchors (system) | Finds URLs within the content and converts them to clickable links. |
| ConvertEmailsToMailTos (system) | Finds email addresses within the content and converts them to mailto: links. |
| ScrubHtml | Removes all tags and attributes from the content that could be used for malicious actions. This helps prevent cross-site scripting (XSS) attacks. Customizable by ScrubHtml config settings (see below). |
| StripHtmlComments | Finds all HTML comments within the content and removes them. |
| StripHtmlScriptTags | Finds all HTML script tags within the content and removes them. |
| StripHtmlStyleTags | Finds all HTML style tags within the content and removes them. |
| DefaultFilters | ConvertUrlsToAnchors, ConvertEmailsToMailTos, ConvertDisplayNameToProfileLink, StripHtmlComments |
Customize ScrubHtml config settings
As of version 9.5+, the following config settings allow more flexibility in what is allowed when the ScrubHtml filter is enabled. ScrubHtml must be included in the value of the config setting richTextEditor.customContentFilters for the settings below to have an effect. For each config setting, you can enter a list of items the ScrubHtml filter should allow.
scrubHtml.allowedAttributes: Enter a comma-separated list of additional HTML attributes the ScrubHtml filter should allow.
scrubHtml.allowedSchemes: Enter a comma-separated list of additional URL schemes the ScrubHtml filter should allow, e.g. file, ftp.
scrubHtml.allowedTags: Enter a comma-separated list of additional HTML tags the ScrubHtml filter should allow.
To customize the config settings:
- Go to the Admin panel: Advanced Options section > Configuration Settings page.
- Type scrub in the Search config settings field to narrow the list of config settings.
- Find the desired config setting.
- Click in the Value column, and in the text box, enter a comma-separated list of items that the ScrubHtml filter should allow.
- Click Save.
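Before widening the ScrubHtml allow lists, it helps to review the proposed values offline. The script below is an added example, not ThoughtFarmer code: it checks a set of config values against the system and enhanced security filter sets listed above and flags allow-list entries that weaken the XSS protection. The RISKY_* sets, the `on` prefix rule, the exact-case matching of filter names and the sample values are assumptions made for illustration.

```python
# Added example: audit ThoughtFarmer content-filter settings before saving them.
# Filter and setting names come from the page; the RISKY_* sets are assumptions.
SYSTEM = {"FixObjectTags", "ConvertImageAttributesToSrcParameters",
          "ConvertUrlsToAnchors", "ConvertEmailsToMailTos"}
ENHANCED = SYSTEM | {"StripHtmlComments", "StripHtmlStyleTags", "ScrubHtml"}
RISKY_TAGS = {"script", "iframe", "object", "embed", "form", "base", "meta"}
RISKY_SCHEMES = {"javascript", "vbscript", "data"}
RISKY_ATTRS = {"style", "srcdoc", "formaction"}

# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "richTextEditor.customContentFilters":
        "ConvertImageAttributesToSrcParameters, FixObjectTags, "
        "ConvertUrlsToAnchors, StripHtmlComments, ConvertEmailsToMailTos",
    "scrubHtml.allowedAttributes": "data-id, onclick",
    "scrubHtml.allowedSchemes": "ftp, javascript",
    "scrubHtml.allowedTags": "video, iframe",
}


def parse_list(value):
    """Split a comma-separated config value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(settings):
    """Return a list of findings for a dict of config setting name -> value."""
    findings = []
    filters = set(parse_list(settings.get("richTextEditor.customContentFilters", "")))
    for name in sorted(SYSTEM - filters):
        findings.append(f"system filter removed: {name}")
    for name in sorted(ENHANCED - SYSTEM - filters):
        findings.append(f"enhanced security filter missing: {name}")
    if any(k.startswith("scrubHtml.") for k in settings) and "ScrubHtml" not in filters:
        findings.append("scrubHtml.* settings have no effect: ScrubHtml is not enabled")
    checks = (("scrubHtml.allowedTags", RISKY_TAGS),
              ("scrubHtml.allowedSchemes", RISKY_SCHEMES),
              ("scrubHtml.allowedAttributes", RISKY_ATTRS))
    for key, risky in checks:
        for item in parse_list(settings.get(key, "")):
            low = item.lower()
            # Event-handler attributes (onclick, onerror, ...) are matched by prefix.
            if low in risky or (key.endswith("Attributes") and low.startswith("on")):
                findings.append(f"{key} allows risky item: {item}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```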