<!DOCTYPE html>
<!--
Copyright (c) 2003-2017, CKSource - Frederico Knabben. All rights reserved.
For licensing, see LICENSE.md or http://ckeditor.com/license
-->
<html>
<head>
<meta charset="utf-8">
<title>Data Filtering &mdash; CKEditor Sample</title>
<script src="../../ckeditor.js"></script>
<link rel="stylesheet" href="sample.css">
<script>
// Remove advanced tabs for all editors.
CKEDITOR.config.removeDialogTabs = 'image:advanced;link:advanced;flash:advanced;creatediv:advanced;editdiv:advanced';
</script>
</head>
<body>
<h1 class="samples">
<a href="index.html">CKEditor Samples</a> &raquo; Data Filtering and Features Activation
</h1>
<div class="warning deprecated">
This sample is not maintained anymore. Check out its <a href="http://sdk.ckeditor.com/samples/acf.html">brand new version in CKEditor SDK</a>.
</div>
<div class="description">
<p>
This sample page demonstrates the idea of Advanced Content Filter
(<abbr title="Advanced Content Filter">ACF</abbr>), a sophisticated
tool that takes control over what kind of data is accepted by the editor and what
kind of output is produced.
</p>
<h2>When and what is being filtered?</h2>
<p>
<abbr title="Advanced Content Filter">ACF</abbr> controls
<strong>every single source of data</strong> that comes to the editor.
It processes both HTML that is inserted manually (e.g. pasted by the user)
and HTML that is inserted programmatically, for example:
</p>
<pre class="samples">
editor.setData( '&lt;p&gt;Hello world!&lt;/p&gt;' );
</pre>
<p>
<abbr title="Advanced Content Filter">ACF</abbr> discards invalid,
useless HTML tags and attributes so the editor remains "clean" during
runtime. <abbr title="Advanced Content Filter">ACF</abbr> behaviour
can be configured and adjusted for a particular case to prevent the
output HTML (e.g. in CMS systems) from being polluted.
This kind of filtering is a first, client-side line of defense
against "<a href="http://en.wikipedia.org/wiki/Tag_soup">tag soups</a>":
a tool that precisely restricts which tags, attributes and styles
are allowed (desired). When properly configured, <abbr title="Advanced Content Filter">ACF</abbr>
is an easy and fast way to produce high-quality, intentionally filtered HTML.
</p>
<h3>How to configure or disable ACF?</h3>
<p>
Advanced Content Filter is enabled by default, working in "automatic mode", yet
it provides a set of easy rules that allow adjusting filtering rules
and disabling the entire feature when necessary. The config property
responsible for this feature is <code><a class="samples"
href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">config.allowedContent</a></code>.
</p>
<p>
"Automatic mode" means that the loaded plugins decide which kind
of content is enabled and which is not. For example, if the link
plugin is loaded, the <code>&lt;a&gt;</code> tag is
automatically allowed. Each plugin is given a set
of predefined <abbr title="Advanced Content Filter">ACF</abbr> rules
that control the editor until <code><a class="samples"
href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">
config.allowedContent</a></code>
is defined manually.
</p>
<p>
Let's assume our intention is to restrict the editor to accept (produce) <strong>paragraphs
only: no attributes, no styles, no other tags</strong>.
With <abbr title="Advanced Content Filter">ACF</abbr>
this is very simple: just set <code><a class="samples"
href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">
config.allowedContent</a></code> to <code>'p'</code>:
</p>
<pre class="samples">
var editor = CKEDITOR.replace( <em>textarea_id</em>, {
<strong>allowedContent: 'p'</strong>
} );
</pre>
<p>
Now try to play with allowed content:
</p>
<pre class="samples">
// Trying to insert disallowed tag and attribute.
editor.setData( '&lt;p <strong>style="color: red"</strong>&gt;Hello <strong>&lt;em&gt;world&lt;/em&gt;</strong>!&lt;/p&gt;' );
alert( editor.getData() );
// Filtered data is returned.
"&lt;p&gt;Hello world!&lt;/p&gt;"
</pre>
<p>
What happened? Since <code>config.allowedContent: 'p'</code> is set, the editor assumes
that only plain <code>&lt;p&gt;</code> elements are accepted. Nothing more. This is why
the <code>style</code> attribute and the <code>&lt;em&gt;</code> tag are gone. The same
filtering would happen if we pasted disallowed HTML into this editor.
</p>
<p>
This is just a small sample of what <abbr title="Advanced Content Filter">ACF</abbr>
can do. To know more, please refer to the sample section below and
<a href="http://docs.ckeditor.com/#!/guide/dev_advanced_content_filter">the official Advanced Content Filter guide</a>.
</p>
<p>
You may, of course, want CKEditor to avoid filtering of any kind.
To get rid of <abbr title="Advanced Content Filter">ACF</abbr>,
simply set <code><a class="samples"
href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">
config.allowedContent</a></code> to <code>true</code> like this:
</p>
<pre class="samples">
CKEDITOR.replace( <em>textarea_id</em>, {
<strong>allowedContent: true</strong>
} );
</pre>
<h2>Beyond data flow: Features activation</h2>
<p>
<abbr title="Advanced Content Filter">ACF</abbr> is far more than
<abbr title="Input/Output">I/O</abbr> control: the entire
<abbr title="User Interface">UI</abbr> of the editor is adjusted to what
filters restrict. For example: if the <code>&lt;a&gt;</code> tag is
<strong>disallowed</strong>
by <abbr title="Advanced Content Filter">ACF</abbr>,
then the <code>link</code> command, toolbar button and link dialog
are disabled accordingly. The editor is smart: it knows which features must be
removed from the interface to match filtering rules.
</p>
<p>
CKEditor can be far more specific. If the <code>&lt;a&gt;</code> tag is
<strong>allowed</strong> by filtering rules but is restricted
to a single attribute (<code>href</code>), as in
<code>config.allowedContent = 'a[!href]'</code>, then the
"Target" tab of the link dialog is automatically disabled, because the <code>target</code>
attribute isn't included in the <abbr title="Advanced Content Filter">ACF</abbr> rules
for <code>&lt;a&gt;</code>. This behaviour applies to dialog fields, context
menus and toolbar buttons.
</p>
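<p>
The two configurations discussed above, <code>allowedContent: 'p'</code> and <code>'a[!href]'</code>, as an added example that is not part of the original sample and not CKEditor's own code: a simplified model of how the element and attribute parts of a rule string decide what survives. The function names and sample elements are constructed for illustration; the <code>;</code> separator between rules is assumed from CKEditor's documented string format.
</p>

```javascript
// Simplified model of ACF string rules: 'names [attr,!requiredAttr]; ...'.
// Not CKEditor code; styles {..} and classes (..) are rejected as unsupported.
function parseAllowedContent(rules) {
  const table = new Map(); // element name -> list of { allowed, required }
  for (const rule of rules.split(';').map(s => s.trim()).filter(Boolean)) {
    const m = /^([a-z0-9 ]+?)\s*(?:\[([^\]]*)\])?$/i.exec(rule);
    if (!m) throw new Error('Unsupported rule: ' + rule);
    const allowed = new Set(), required = new Set();
    for (const raw of (m[2] || '').toLowerCase().split(',').map(s => s.trim()).filter(Boolean)) {
      const attr = raw.replace(/^!/, ''); // '!' marks a required attribute
      allowed.add(attr);
      if (raw.startsWith('!')) required.add(attr);
    }
    for (const name of m[1].toLowerCase().split(/\s+/)) {
      if (!table.has(name)) table.set(name, []);
      table.get(name).push({ allowed, required });
    }
  }
  return table;
}

// Filter one parsed element { name, attributes }. Returns null when the tag
// itself must be dropped (no rule for it, or a required attribute is missing).
function filterElement(table, el) {
  const name = el.name.toLowerCase();
  const present = Object.keys(el.attributes).map(a => a.toLowerCase());
  const matching = (table.get(name) || []).filter(r => [...r.required].every(a => present.includes(a)));
  if (matching.length === 0) return null;
  const attributes = {};
  for (const [key, value] of Object.entries(el.attributes)) {
    const attr = key.toLowerCase();
    if (matching.some(r => r.allowed.has(attr))) attributes[attr] = value;
  }
  return { name, attributes };
}

// Constructed sample elements mirroring the snippets on this page.
const samples = [
  { name: 'p', attributes: { style: 'color: red' } },
  { name: 'em', attributes: {} },
  { name: 'a', attributes: { href: 'http://example.com/', target: '_blank' } },
  { name: 'a', attributes: { target: '_blank' } },
];

function runSamples(rules) {
  const table = parseAllowedContent(rules);
  return samples.map(el => filterElement(table, el));
}
for (const r of ['p', 'p; a[!href]']) console.log(r, JSON.stringify(runSamples(r)));
```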
<h2>Sample configurations</h2>
<p>
There are several editor instances below that present different
<abbr title="Advanced Content Filter">ACF</abbr> setups. <strong>All of them,
except the inline instance, share the same HTML content</strong> to visualize
how different filtering rules affect the same input data.
</p>
</div>
<div>
<label for="editor1">
Editor 1:
</label>
<div class="description">
<p>
This editor is using default configuration ("automatic mode"). It means that
<code><a class="samples"
href="http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-allowedContent">
config.allowedContent</a></code> is defined by loaded plugins.
Each plugin extends filtering rules to make its own associated content
available for the user.
</p>
</div>
<textarea cols="80" id="editor1" name="editor1" rows="10">
<h1><img alt="Saturn V carrying Apollo 11" class="right" src="assets/sample.jpg"/> Apollo 11</h1> <p><b>Apollo 11</b> was the spaceflight that landed the first humans, Americans <a href="http://en.wikipedia.org/wiki/Neil_Armstrong" title="Neil Armstrong">Neil Armstrong</a> and <a href="http://en.wikipedia.org/wiki/Buzz_Aldrin" title="Buzz Aldrin">Buzz Aldrin</a>, on the Moon on July 20,