- Training Topics
- Campus Connections
- OSU IT Policies
One of the biggest sources of confusion for new users surrounds the use of input formats.
Input formats are a necessary security feature on a dynamic website - especially one that allows interaction from an external audience.
While these different types of code are used to create really cool things on your site, they can also be used maliciously if the wrong people are allowed to use them. Even Cascading Style Sheets (CSS), which isn't a language at all, but a set of style specifications, can be used as a vehicle to damage or take over your site.
Input formats are a way to control what kind of user is allowed to use specific types of code, or "input", in the Tiny MCE text editor.
There are three different input formats defined on your OSU Drupal 6 site:
To allow interaction from anonymous users, such as providing them the ability to submit Webforms, a default input format must be supplied that all users, including the anonymous ones, can use. Anonymous users can only use Filtered HTML. Allowing anonymous users access to any of the other input formats is dangerous, as you don't know who is on the other end and what they are injecting into your site via the text editor.
Authors can use both Filtered HTML and Full HTML. This allows authors on the site the ability to add inline CSS styles to their content to do things such as embedding an image and having the text float up around the image. Keeping this in mind, one of the first things to look at if your embedded images or video players aren't acting the way you expect them to, check the input format to ensure it's set to Full HTML. Authors do not even see the PHP option.
Author Input Formats
Advanced Authors and Administrators can use all input formats. This is where the assignment of roles on a site is very important. If you have an Advanced Author or Administrator who does not know how to write code, they should be strongly discouraged from experimenting on a production site as different types of code, when used incorrectly, can completely destroy your site.
Advanced Author and Administrator Input Formats
So now that we understand a little bit about input formats, let's move on to some specifics about using the text editor...