Channel: Issues for Drupal core
Allow text field to enforce a specific text format


Problem/Motivation

Currently text fields can either be restricted to plain text, or the user may select between all accessible text formats, independently of the context. This means that a privileged user who needs access to a permissive text format (for example, to put tables or embedded remote content in basic pages) gets access to that format on every formatted text field (for example on a comment field).

There are three problems with this approach, and most experienced Drupal developers have faced at least one of them in the past:

Consistency
At the moment you have to count on the competence, good will and diligence of privileged users not to put certain markup in certain places. It would be convenient if a text field could be forced to use a specific text format (other than plain text). For example, you may want to make sure that comments only allow a very limited set of HTML tags ("filtered HTML" for example) independently of the user's role, even if the same user has access to less restrictive formats in other places.
Usability
The ability to select text formats is a common source of confusion. By limiting the available text formats we also remove confusing user interface elements.
Security
If a privileged user account is taken over (for example, through social engineering), the attack surface is large because every single formatted text field can be used for XSS injection. By limiting where a dangerous text format can be used, we restrict the places where malicious content can be injected.

Proposed resolution

Add an optional setting to the text field types that lets the site builder determine whether the text formats should be restricted. This setting is then used in the default textfield and textarea widgets to remove any non-allowed text formats. If nothing is set, the current behavior is unchanged.

Note that because the setting relies on the underlying '#allowed_formats' form API property, it can only remove formats from the list; it can't be used to give access to text formats that the user wouldn't have access to otherwise.
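The same restriction can already be applied today from a custom module by setting '#allowed_formats' on the widget element. The following is an added example, not code from the issue or from the patch it discusses; it assumes a module named "mymodule", a text format with the machine name "restricted_html", and the hook_field_widget_single_element_form_alter() hook (Drupal 9.2 and later; earlier releases use hook_field_widget_form_alter() with the same signature).

```php
<?php
// Added example (assumptions: module "mymodule", text format
// "restricted_html"). Restricts the comment body widget to that single
// format so a user who may use a permissive format elsewhere cannot
// use it in comments.

use Drupal\Core\Form\FormStateInterface;

/**
 * Implements hook_field_widget_single_element_form_alter().
 */
function mymodule_field_widget_single_element_form_alter(array &$element, FormStateInterface $form_state, array $context) {
  /** @var \Drupal\Core\Field\FieldItemListInterface $items */
  $items = $context['items'];
  $definition = $items->getFieldDefinition();

  // Only act on the comment body; every other formatted text field keeps
  // the user's full list of accessible formats.
  if ($definition->getTargetEntityTypeId() !== 'comment'
      || $definition->getName() !== 'comment_body') {
    return;
  }

  // The core text widgets render a 'text_format' element. '#allowed_formats'
  // is intersected with the formats the current user already has access to,
  // so this can only narrow the choice, never grant a format.
  if (isset($element['#type']) && $element['#type'] === 'text_format') {
    $element['#allowed_formats'] = ['restricted_html'];
  }
}
```

With a single remaining format the format selector is no longer offered, which is the usability effect the issue describes; a user without access to "restricted_html" is left with no usable format on that field rather than falling back to a more permissive one.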

Remaining tasks

Needs follow-up to "kill" the formatted/unformatted text fields differentiation. (See #154)

User interface changes

Checkboxes on the list of available formats in the text field configuration. Reduced set of allowed formats on content edit forms, where used. No fields use the new setting by default, so the patch doesn't affect the user interface for those who don't do anything with this functionality.

API changes

None

Data model changes

One setting is added to the field settings. The structure of the field data is unchanged.

Beta phase evaluation

Reference: https://www.drupal.org/core/beta-changes
Issue category: Task. No new functionality is really added; we are only fixing a confusing behavior.
Issue priority: Normal
Prioritized changes: The main goal of this feature is to improve usability and increase security by presenting fewer choices to the user, and by preventing the use of text formats the user would otherwise have access to in places where they are, by design, not necessary.
