Understanding Input Formats (why HTML you write is not appearing)

Published August 19th, 2010

A common mistake/oversight that beginners with Drupal tend to make is forgetting about Input Formats. Content in Drupal is run through an Input Format before it gets displayed on the page, and the settings of a given Input Format can affect what HTML tags are permitted and many other aspects of the page. Read on to find out how to avoid the pitfalls of Input Formats.

The default (and suggested, since it is much safer to use) “Input format” in Drupal is called Filtered HTML. What this does is allows only HTML tags that have been predetermined to be allowed for use in content on your Drupal site. Anything that is not in the list of pre-allowed HTML tags will simply be ignored by Drupal and won’t show up on the page. You can use the Full HTML Input format if you must (which allows “almost” all HTML through besides particularly dangerous code), however it is a good habit to use Filtered HTML whenever possible (and you should “never” allow any user on your site besides yourself or trusted staff to use anything other than Filtered HTML, or they could accidentally - or purposefully - cause problems on your site ranging from basic formatting issues all the way to completely compromising the security of your site). Here’s a good example that illustrates why you should not use Full HTML (especially for both anonymous and normal registered users, though again, don’t use it at all if you don’t have to).

The suggested method is to add only the HTML tags you know your site’s content requires. You can do that by going to Administer > Site configuration > Input formats > Filtered HTML > Configure (admin/settings/filters/1/configure).

In the Allowed HTML tags field, delete the short default list of tags, and enter the following more-complete list of HTML tags:

Feel free to add or remove other tags if you are certain that you need to use them in your content, and if you are certain that they are safe.