We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

A Drupal Guy Needs Guidance

March 28, 2011 6:22pm

Subscribe [4]

  • #1 / Mar 28, 2011 6:22pm

    Alohashirt

    49 posts

    I haven’t used EE since the previous version, and have been strictly Drupal for the last 2 years. Can I limit the types of html tags that an editor (who stricly enters content) can enter? I’ll need to prevent future content editors from entering potentially malicious code, while still allowing them to embed videos in posts.

    This is a deal-breaking feature for the site I’m about to build. Love EE’s design flexibility—it’s much easier than Drupal theming.

  • #2 / Mar 28, 2011 7:50pm

    Boyink!

    5011 posts

    Where are they embedding video from?  There are a number of ways to go about it that don’t involve dropping in iframes, etc.

  • #3 / Mar 28, 2011 8:18pm

    Marcus Neto

    1005 posts

    Alohashirt, Welcome back! I think what Mike is getting at is that there are now fieldtypes that allow you to pull in video from some of the more popular sites like Vimeo and YouTube.

    Another option would be to use HTML Strip on all of the output from the fields to make sure that only the types of HTML tags you want to output are allowed.

    Does that help?

  • #4 / Mar 28, 2011 9:47pm

    Alohashirt

    49 posts

    That does help. They will be pasting embed code that comes from Brightcove.  I want to limit the types of HTML tags allowed specifically to prevent editors from posting videos from YouTube, Vimeo, or any service other than the Brightcove library hosting this organization’s videos.

    This is one very important security feature I’ve grown to rely on in Drupal. But there may be a workaround in EE. I’ll have a closer look at the embed code. EE 2.0 looks positively awesome compared to the version I used to know and love.

  • #5 / Mar 28, 2011 9:51pm

    Boyink!

    5011 posts

    The other thought is the find & replace plugin setup looking for specific disallowed code.

  • #6 / Mar 29, 2011 5:56am

    Brett Gullan

    70 posts

    Alohashirt

    A slightly “heavier” approach would be to write a Fieldtype, specifically for your Brightcove content!

    I only mention it as I have a project on the horizon which is likely to need something similar. What sort of timeframe are you looking at for your project?

    Cheers,

    Brett

  • #7 / Mar 29, 2011 7:09am

    Alohashirt

    49 posts

    The project starts in April. I’m not inclined to write a custom field—only because I can easily foresee them changing hosts from Brightcove to another pro-level hosting service down the road. The find & replace solution would be more effective—since they’re specifically concerned about prohibiting YouTube, Vimeo, and Blip.TV.

  • #8 / Mar 29, 2011 2:32pm

    Brandon Jones

    5500 posts

    Thanks for contributing, all! There are good suggestions here, Alohashirt, so don’t hesitate with any other questions.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register