TinyMCE: Only allow specific Formatting and HTML Tags
Question by Guest | Last update on 2021-04-06 | Created on 2014-05-06
Is it possible to configure TinyMCE HTML Editor in a way that it is only possible to format the text with predefined formattings? In others words, that only specific and defined HTML tags are allowed.
For example, that it is possible to make text bold or italic or to set a link to another website, but that is just not possible to insert headings, colored boxes or other things?
Related Topics
TinyMCE Editor not shown after second call
Question | 3 Answers
TinyMCE should use <b> and <i> instead of <strong> and <em>-tags
Question | 4 Answers
PHP: Remove all HTML Tags from String
Tutorial | 0 Comments
TinyMCE: Check if TinyMCE is available
Question | 1 Answer
CSS: Include CSS Stylesheets in HTML
Tutorial | 0 Comments
TinyMCE: Do not convert Special Characters to Named Entities
Question | 1 Answer
TinyMCE: Remove TinyMCE Editor from Textarea
Question | 1 Answer
Important Note
Please note: The contributions published on askingbox.com are contributions of users and should not substitute professional advice. They are not verified by independents and do not necessarily reflect the opinion of askingbox.com. Learn more.
Participate
Ask your own question or write your own article on askingbox.com. That’s how it’s done.
With the declaration of "valid_elements", you can exactly control which HTML tags are allowed and which not.
Here is an example:
tinymce.init({ selector: "textarea", valid_elements: "p,br,b,i,strong,em", toolbar: "bold italic" });With this, we are only allowing paragraphs (p), line breaks (br), bold text (b and strong) and italic text (i and em). At the same time, we limit the toolbar to buttons for bold and italic text.
With using the notation such as "b/strong" or "i/em", we can make TinyMCE to automatically rewrite HTML tags. In this example, "strong" is changed to "b" and "em" to "i".
Behind simple formatting, we can also adjust which attributes are allowed to be kept. This is interesting for example when defining links. In this example, we are allowing the attributes "href" and "target=_blank" for a-tags and the attribute "style" for divs.
Important: Forbidding HTML tags with TinyMCE does not make user input more secure, as there are many ways to bypass TinyMCE and to send everything you want to the server anyway. So you should always also check the user input on server side.
Last update on 2021-04-06 | Created on 2014-05-06
If we DISALLOW "br" tags as well as whichever tag happens to be the parent of the root TinyMCE element, does that prevent line breaks and new paragraphs?
I want an editor that contains the title of an article such that people can add boldface and italics (such as for a title within the title), but the title has to be all on one line of text.
2016-11-07 at 15:23
Yes. Just specify "valid_elements: "strong,em" for only allowing bold and italic text in your head.
However, you should additionally check the title on your server again, because TinyMCE only works with JavaScript and the user can manually type and send whatever he wants in the underlying text field.
2016-11-11 at 03:02