• To make it easier for people to format text without knowing HTML, you could do filters, and/or editors
  • Filters change stuff - people type things, filter changes that on output
  • A ton of modules that provide filters in addition to the core
  • Filter only makes its transformations on output: this means that whatever your user puts in the text box, it's stored right the way they did it, and you can transform it any way you want after the fact
    • Transformation happens after it gets stored, so you don't lose the data the person input; also, what if you want to filter it a different way later?
    • Change the filter settings, you're not changing your data
  • "Input formats" become "text formats" in Drupal 7
    • A format is a way to group a bunch of filters together
    • This is an important distinction (format = collection of filters) when reading documentation
    • Drupal Core comes with some formats: filtered html (default), full html
    • Filtered html helps with security, strips things down - otherwise, you can put javascript in the text box (dangerous)
    • Filtered html works as a whitelist
    • Don't get frustrated and switch to "full html" - security nightmare; people do Google searches for text that allows full html for comments for anonymous users
    • Core also offers PHP format - you have to turn on PHP filter module first (BIG DANGER)
    • Filtered HTML: URL filter, HTML filter, line break converter, HTML corrector
    • Full HTML has the same, but removes the whitelist

An example

  • Even when you're using filtered HTML, if you put a script tag in there, it's still saved in the database just like you typed it
  • The database also specifies what format to use
  • URL filter, HTML filter, line break converter, HTML corrector fire in that order - order can be important (one filter can "clobber" another)
  • Filtered HTML also strips attribute tags - sorry

Markup filters

  • Markdown, Textile, BBCode, Wiki Markups (Mediawiki, TikiWiki, etc)
  • Other cool filters: code filter/GeSHi, SpamSpan (to avoid e-mail scraping), Paging, Pirate (Talk Like A Pirate Day), Typogrify (turns two dashes into an em-dash, etc)
  • It depends on your user: if your users are used to Wikipedia and they want Drupal to be a wiki, you can do that
  • Sometimes you don't need a WYSIWYG - a filter might get you what you need

WYSIWYG: just gimme what I want

  • There are also HTML helpers - it'll insert the HTML tags for you, that might be a good compromise for some people (BU Editor is the most popular one, probably going onto drupal.org)
  • Back in the day: tinymce (awesome cool javascript thing)
  • For a while, tinymce was what everyone used
  • Also out there: fckeditor (name is changing to "ckeditor"; fck are the guy's initials, non-native speaker of English...)
  • Huge threads on whether tinymce or fckeditor is better - comes down to preferences
  • New: WYSIWYG API (actually just called WYSIWYG)
    • Central place for you to plug in whatever editor you want
    • Flexibility to be able to have any editor, and more than one at a time - say when you want to use what
  • Dealing with images (arrrrrghhh!!!)
    • Things are getting better
    • imagefield - can actually stick them in the body text
    • imce - image browser integration

Questions

  • How to strip out content from Word
    • People who want to just copy and paste stuff from Word - some of the WYSIWYG have a "strip Word crap out" button
    • Alas, there's no module that does it right (been there, tried it all)

Demo time

  • "Input formats" under "Admin" - filters are part of formats, so go looking there
    • If you go to modify a format, you can turn filters on/off (image resize filter, markdown, others can be added)
    • Every filter can have its own configuration - things like maximum link text length
    • "Rearrange" lets you specify what order the filters fire
    • Check out the readme for filters; many of them will tell you what order they should be in
    • Markdown should be before HTML for security, to strip out anything weird that Markup generates that's not on your whitelist