Filter code trong Drupal từ Stripping Out Code

Code can be dangerous. The right code in the right place brings your site to life, but there are many places where it can be a huge security risk.

Inside your content, code can be dangerous. If you allow people to use PHP, Javascript, iframes or other code inside content, you greatly increase the chances of a malicious script being used.

To minimize this risk, by default Drupal restricts the code you can use in content.

The downside to this is that some common code isn't allowed. For example, most HTML is blocked by default. Here's how to allow those on your site by stopping Joomla from stripping out code.

Text Formats

By default, Drupal content is entered as "Filtered HTML". What does that mean? Drupal explains in the image above.

• Web page addresses and e-mail addresses turn into links automatically.
• There are only twelve allowed HTML tags.

Click on the dropdown link and you'll get extra options:

Full HTML is described in this way:

• Web page addresses and e-mail addresses turn into links automatically.
• Lines and paragraphs break automatically.

Plain text is described in this way:

• No HTML tags allowed.
• Web page addresses and e-mail addresses turn into links automatically.
• Lines and paragraphs break automatically.

You can also to the Modules page and enable PHP filter:

How does this impact your content?