hi there, I know i'm old-fashioned but is there any way to avoid zenphoto overriding my preferences in writing content? (using zenphoto 1.5.7 + zenpage theme)
I understand that preventing malicious use of forms is an important feature but IMHO preventing my own personal use of html tagging in my texts is malicious as well.
In this way not only my lay-out but also my text formatting are under scrutiny by zenphoto, just like it happens in WP!
I've tried to add and/or modify the allowed tags in admin-options but "the system" didn't accept me doing that.
I find it's too generic to set alltogether the permits for "comments, descriptions and other fields".
Isn't it possible to split the "allowed tags" from comments -which are obviously a target for external attacks- and my own use of html in my own content?
(i.e. what is the ratio to exclude attribute "name" from tag \< a >? or my favourite \< dl > \< dt > \ and \< del > ? and how am I supposed to add a form for a paypal button?)
You should be able to add "tags" in the option actually if you follow the way they are defined. What does happen if you do? Just nothing?
These are not only for tags but also for basic sanitizing of contents and some filtering internally. So it is currently not that easy to do so and certainly not for 1.5.8 coming soon.
However in the 1.5.8RC there are some additions as there have been some other oversights for the defaults.
The name attribute is not an allowed attribute for `` elements as it is not one of the global ones.
https://developer.mozilla.org/de/docs/Web/HTML/Element/a
Paypal buttons actually work fine: https://www.zenphoto.org/pages/donations/
Definition lists actually as wel despite indeed missingl: https://www.zenphoto.org/news/zenphotos-global-variables/
But it all also depends on if you are using the tinymce editor or not asthat also does some filtering. It is enabled by default normally and we use it as well.
tinymce editor? no, I don't use it, what's that? ;-)
When I've tried to add all together the tags I wanted to use, the verification system didn' allow me doing that.
After some testing I've succeded to enter separately, meaning one by one, \< dl > \< dt > \< dd > and \< del >
Added succesfully as well the attribute "name" in tag \< a > (it's in texts I've written long time ago, when it was of common use and not yet deprecated... )
But if I write < form > or < input > the system rejects it, I don't understand how to add i.e. paypal
Perhaps tinymce to make your life easier ;-)
You need to enter the items as the existing are like this
dl =>(class=>() id=>())
dt =>(class=>() id=>())
dd =>(class=>() id=>())Forms will be incuded by default in 1.5.8. Definition lists and `` we forgot but will add them.
Added succesfully as well the attribute "name" in tag \< a > (it's in texts I've written long time ago, when it was of common use and not yet deprecated... )
Note that it will be invalid HTML technically as it is not only deprectated but not allowed in HTML5 as all Zenphoto themes use HTML5, at least the official ones.
thanks for pointing me that, I wasn't aware of
It's not a huge showstopping validation issue but will ceraintly be noted if you test with a validator.
What is the exact problem with the paypal button? That's just a simple form with a link and an image as on our page, right?
ok, after some testing I could finally manage to add all the required tags and attributes (e.g. form & input) which at the previous attempts were refused by the system.
apparently the system was not happy to get all the mods in one go, I had to add them all one by one (and sometimes had to repeat as not always was accepted at the first time).
there could have been some typo by my side but I've checked many times: pretty weird behaviour
[btw in admin-options.php?page=options&tab=general
there is a typo:
in the italian translation there are two closing parenthesis instead of one - as those in the form field:
Seguire la forma tag => (attributo => (attributo=> (), attributo => ()...))
while in english there are three closing parenthesis
Follow the form tag => (attribute => (attribute=> (), attribute => ()...)))
]
there could have been some typo by my side but I've checked many times: pretty weird behaviour
Surely not normal behaviour. Any errors in the logs?
in the italian translation there are two closing parenthesis instead of one - as those in the form field:
That's something @bic would have to fix ;-)
in the italian translation there are two closing parenthesis instead of one - as those in the form field:
There are things messed up there. Too many open/close parenthesis.
Please take a close look at syntax. It should look like this:
form => (action=>() method=>() accept-charset=>() id=>() class=>() title=>() name=>() target=>() lang=>())
Maybe a shorter example helps:
col => (class=>() id=>() lang=>())
Let me add here just one more little problem I've noticed, that has puzzled me for quite some time.
The system strips off an attribute which is set as [u]allowed by default[/u] in admin option. This is how my html looks like in my admin-edit page:
Sending images
...
mail addressbut the id attribute effectively is stripped off in my page source, while is still there in the admin-edit page!
Any idea on how do I solve this?
First, what edit page exatly, second which theme are you using.
With text editor or without texteditor as the editor also does some parsing itself.
Generally is text content parsed by a validator - either a library or if your sever supports a native PHP extension - so if for some reason an id is not unique on your text content it may be removed.
First, what edit page exatly, second which theme are you using..../zp-core/zp-extensions/zenpage/admin-edit.php?page&update
With text editor or without texteditorNO text editor
if for some reason an id is not unique on your text content it may be removedthat's not the case, every id I've tried is stripped off in my page source, while remaining alive in its admin-edit page
tried a temporary workaround
but that too is stripped off from html! :-(