Help - Search - Members - Calendar
Full Version: enable macros, disable html
Movable Type Community Forum > Additional Resources > Tips and Tricks
envy
Oct 19 2003, 09:46 PM
is there anyway to enable macros for commenting (eg smilies) but still disable/sanitize html?
kadyellebee
Oct 20 2003, 02:00 AM
If you aren't worried about people posting pictures besides smilies, then you can just customize your santize settings to have the img src in it, and not much else.

Kristine
Annoying Old Guy
Oct 20 2003, 06:45 PM
No, there is currently not a way to do that. I find it one of the most annoying issues with Movable Type. It seems that text filters are perfect for allowing interesting HTML safely. Envy's goal is precisely the kind of thing one should be able to do - restrict users from entering IMG tags but provide shorthand for author specified images.

However, I spent some time working through the MT code and it's not possible because Sanitize is always applied after text formatting, where as text formatting should bypass sanitizing. I'm looking at some MT code tweaks that would fix that problem but it will take some experimenting to get right.
Annoying Old Guy
Oct 21 2003, 05:25 AM
Here's a code fix to MT to do what you want, if you're determined. This works on my weblogfor the Textile text formatting. Go to the weblog and click on the comments for some post. Put this in the comment text:
CODE
Bob M^c^Groovy is a cool dude.

Bob M<sup>c</sup>Groovy is a cool dude.
Then hit PREVIEW. Note that the textile superscript (denoted by '^c^') works but the SUP element is stripped.

The changes are in MT/lib/Template/Context.pm.

Change 1:

In post_process_handler, which starts around line 224, move the Sanitize logic up so that it looks like
CODE
       if ($args) {
           my %local_args = %$args;
           if (my $spec = $local_args{'sanitize'}) { # START OF MOVED SECTION
               require MT::Sanitize;
               if ($spec eq '1') {
                   $spec = $ctx->stash('blog')->sanitize_spec ||
                           MT::ConfigMgr->instance->GlobalSanitizeSpec;
               }
               $str = MT::Sanitize->sanitize($str, $spec);
           } # END OF MOVED SECTION
           for my $arg (keys %local_args) {
               if (my $code = $Global_filters{$arg}) {
                   $str = $code->($str, $args->{$arg}, $ctx);
                   delete $local_args{$arg};
               }
           }

Change 2: Around line 1175 in the _hdlr_comment_body subroutine, change the lines at the end of sub from
CODE
   return $convert_breaks ?
       MT->apply_text_filters($t, $blog->comment_text_filters, $ctx) :
       $t;
to
CODE
   if ($convert_breaks) {
       if (my $filters = join(',', @{$blog->comment_text_filters()})) {
           $filters = $filters . ',' . $arg->{'filters'} if $arg->{'filters'};
           $arg->{'filters'} = $filters;
       }
   }
   return $t;


The last bit is experimental. It works for me but I haven't tested it in all cases. Now all you need is a text filter to make the smileys. If you do that by adding a "filters" attribute or global filter attribute (like apply_macros="1") then you don't need change 2, which handles the case of the filter set in the weblog config.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.