About
The Filter module allows administrators to configure text formats. Text formats change how HTML tags and other text will be processed and displayed in the site. They are used to transform text, and also help to defend your website against potentially damaging input from malicious users. Visual text editors can be associated with text formats by using the Text Editor module. For more information, see the online documentation for the Filter module.
Uses
- Managing text formats
  - You can create and edit text formats on the Text formats page (if the Text Editor module is enabled, this page is named Text formats and editors). One text format is included by default: Plain text (which removes all HTML tags). Additional text formats may be created during installation. You can create a text format by clicking "Add text format".
- Assigning roles to text formats
  - You can define which users will be able to use each text format by selecting roles. To ensure security, anonymous and untrusted users should only have access to text formats that restrict them to either plain text or a safe set of HTML tags. This is because HTML tags can allow embedding malicious links or scripts in text. More trusted registered users may be granted permission to use less restrictive text formats in order to create rich text. Improper text format configuration is a security risk.
- Selecting filters
  - Each text format uses filters that add, remove, or transform elements within user-entered text. For example, one filter removes unapproved HTML tags, while another transforms URLs into clickable links. Filters are applied in a specific order. They do not change the stored content: they define how it is processed and displayed.
  - Each filter can have additional configuration options. For example, for the "Limit allowed HTML tags" filter you need to define the list of HTML tags that the filter leaves in the text.
- Using text fields with text formats
  - Text fields that allow text formats are those with "formatted" in the description. These are Text (formatted, long, with summary), Text (formatted), and Text (formatted, long). You cannot change the type of field once a field has been created.
- Choosing a text format
  - When creating or editing data in a field that has text formats enabled, users can select the format under the field from the Text format select list.
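To make "Assigning roles to text formats" and "Selecting filters" concrete, here is how a restricted format for anonymous users looks as exported configuration. This is an added example, not part of the original help text; the machine name `comment_basic`, its label, the weights and the tag list are assumptions chosen for illustration.

```yaml
# Constructed example: filter.format.comment_basic.yml
# "comment_basic", its label, the weights and the tag list are assumptions.
langcode: en
status: true
dependencies: {  }
name: 'Comment basic'
format: comment_basic
weight: 1
# Roles granted this format on initial import. Untrusted roles should only
# ever be given a format in which "Limit allowed HTML tags" is enabled.
roles:
  - anonymous
filters:
  # "Limit allowed HTML tags": lowest weight, so it runs first and strips
  # every tag and attribute that is not listed in allowed_html.
  filter_html:
    id: filter_html
    provider: filter
    status: true
    weight: -10
    settings:
      allowed_html: '<a href> <em> <strong> <cite> <blockquote cite> <code> <ul> <ol> <li>'
      filter_html_help: true
      filter_html_nofollow: true
  # Converts line breaks into <p> and <br> tags.
  filter_autop:
    id: filter_autop
    provider: filter
    status: true
    weight: 0
    settings: {  }
  # Turns plain URLs into clickable links.
  filter_url:
    id: filter_url
    provider: filter
    status: true
    weight: 10
    settings:
      filter_url_length: 72
  # Runs last: closes unclosed tags left in the processed output.
  filter_htmlcorrector:
    id: filter_htmlcorrector
    provider: filter
    status: true
    weight: 20
    settings: {  }
```

When reviewing a site, the risky pattern is a format listed for an untrusted role where `filter_html` is absent or has `status: false`, since nothing then removes script-bearing markup at display time.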