Text formats
Drupal’s Text Formats system provides a way to create tiers of rich-text content entry ability. Text formats can be managed at Configuration > Content Formatting > Text formats and editors (/admin/config/content/formats).
Contents
Note
If you need more control over the look and feel, and are comfortable with HTML input, you can enter HTML directly by clicking the Source button in the toolbar. However, to prevent the injection of malicious code, most text formats limit which tags are allowed, as described below.
Flex HTML
For developers
The Flex HTML text format is provided and managed by ITS and should not be configured. If you have a similar use case, create a new text format filter. When creating a new text format, it’s always best to keep input format settings as secure as possible. Select the least amount of functionality possible for each role, and use the “Limit HTML tags” filter whenever possible.
The “Flex HTML” toolbar contains standard formatting options, the ability create headings, links, lists, and media (images and videos).
“Flex HTML” includes filters which:
limit allowed HTML tags and correct faulty HTML
automatically convert URLs into links
align and caption images
apply responsive behavior to HTML tables
support Embedding Qualtrics forms with a shortcode
allow media to be embedded
For security reasons, some HTML tags are not allowed in Flex HTML:
HTML Code |
Notes |
|---|---|
|
Typically used for embedding videos. The ability to embed various types of media simply by adding a URL is in the roadmap, but not yet supported. |
|
It is recommended to use a campus service such as Qualtrics for providing user facing forms. |
|
Typically used for embedding videos. The ability to embed various types of media simply by adding a URL is in the roadmap, but not yet supported. |
|
Typically used for embedding videos. The ability to embed various types of media simply by adding a URL is in the roadmap, but not yet supported. |
|
Typically used for embedding videos. The ability to embed various types of media simply by adding a URL is in the roadmap, but not yet supported. |
|
This tag is generally used within a |
|
The |
|
To maintain branding consistency, the |
|
Scalable Vector Graphics can contain arbitrary JavaScript, and therefore pose a security vulnerability. |
|
This tag is generally used within a |
Basic HTML
“Basic HTML” is a more limited text format that is provided by the Drupal framework, and is included as a courtesy for site consistency. Generally speaking, the “Flex HTML” format is more tailored to rich text content editing, and should therefore be preferred over “Basic HTML.”
“Basic HTML” includes filters which:
limit allowed HTML tags and correct faulty HTML
align and caption images
Restricted HTML
For situations where content editors should be able to add some HTML, but do not need access to a rich text toolbar, “Restricted HTML,” is a good option.
Full HTML
The “Full HTML” text format’s toolbar and filters are identical to the “Flex HTML” text format, but does not restrict any HTML markup. This differs from a generic Drupal installation, where the Full HTML text format does not include media library integration or advanced text format filters.
Because it allows all HTML tags, “Full HTML” can be used for third party content. See Other embeds that require <script> or <iframe> tags.
Access to the “Full HTML” text format should be granted with caution. It allows adding any arbitrary HTML, which creates the possibility for both divergent styling and security risks.