(Screenshot does not reflect current version. Options have moved to a different tab.)
|Line 6:||Line 6:|
This pop-up screen is shown when the User clicks the 'Options' button on the Toolbar.
Note. In Joomla 2.5.4 this tab has changed. The options below the horizontal rule are missing. These options are now on a new tab called "Shared Options".
Web sites can be attacked by users entering in special HTML code. Filtering is a way to protect your Joomla! web site. Filtering options give you more control over the HTML that your content providers are allowed to submit. You can be as strict or as liberal as you desire, depending on your site's needs.
It is important to understand that filtering occurs at the time an article is saved, after it has been written or edited. Depending on your editor and filter settings, it is possible for a user to add HTML to an article during the edit session only to have that HTML removed from the article when it is saved. This can sometimes cause confusion or frustration. If you have filtering set up on your site, make sure your users understand what types of HTML are allowed.
The default setting in Joomla! version 2.5 is that all users will have "black list" filtering on by default. This is designed to protect against markup commonly associated with web site attacks. So, if you do not set any filtering options, all users will have "black list" filtering done using the default list of filtered items. If you create a filter here, this overrides the default, and the default filter is no longer in effect.
To access the filtering settings, click on Options and select 'Text filters'
For each user group on your site you can specify what type of filtering is applied to their edits.
There are four types of filters: Black List, White List, No HTML and No Filtering.
The default filter method in Joomla! is 'Black List'. The default 'Black List' contains the following tags to exclude:
The default 'Black List' contains the following attributes to exclude:
You can 'Black List' (disallow) additional tags and attributes by adding to the Filter tags and Filter attributes fields, separating each tag or attribute name with a space or comma. If you select a Filter Type of "Black List", this list will always be used, plus any additional tags and attributes you add.
White list filters allow you to specify that a given group can only use a specific list of HTML tags and attributes. You can 'White List' (allow) tags and attributes by adding to the Filter tags and Filter attributes fields for the desired group, separating each tag or attribute name with a space or comma.
No HTML filters are the strictest set of filters you can apply. Groups that are set to No HTML will not have permission to use any HTML.
No filtering is the most permissive set of filters you can apply. Groups that are set to No Filtering will have permission to use any and all tags and attributes, including the default blacklisted tags and attributes.
If a user belongs to two different groups that have different filter settings, filters will combine in a permissive way. That is, the set of tags the user will be permitted to use will the combination of the tags that each group allows the user to use. So if the user is a member of one group that white lists a specific set of tags and another group that white lists a different set of tags, the user will be able to use both sets of white listed tags. White lists override blacklists, so if a user belongs to one group that black lists a tag and another group that white lists a tag, the user will be able to use that tag. A user that belongs to a group that has no filtering will be able to use any HTML regardless of filtering settings for other groups the user belongs to.
Please note that these settings work regardless of the editor that you are using. Even if you are using a WYSIWYG editor, the filtering settings may strip additional tags and attributes prior to saving information in the database.
Example One: To allow people in a group to only submit content with basic HTML tags, use the following settings:
Example Two: To apply the default black-list filtering to a group, use the following settings:
The filtering parameters in config.xml have the new parameter menu="hide". This hides the filters from the Menu Item's Component pane as you do not want cascading overrides to occur at the menu item level.