CKEditor for Drupal 7 Security Filters (Open Source Version)

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

The CKEditor security system protects you from executing malicious code that is already in your database. In plain textareas database content is harmless because it is not executed, but a WYSIWYG editor interprets HTML like a Web browser and thus the content needs to be filtered before it is loaded.

In order to configure the security filters, go to the Administration panel > Configuration > Content Authoring > CKEditor section. Enter the profile configuration and go to the Security section.

The Security section lists all the security filters that are currently supported by the CKEditor for Drupal module along with their status for each text format.

The CKEditor for Drupal module has built-in support for some popular security filter modules which you will need to download and install by yourself first. Visit the official websites for each module in order to get the files and find installation and configuration instructions.

When a filter module is installed, you will be able to configure its security filters and enable for a given text format. The list of active text formats is displayed in the Security section along with the links that will take you to the Administration panel > Configuration > Content authoring > Text formats section where you will be able to configure the filters for each of the text formats. The filters will then be run on the content during the filtering process.

The Security Settings option in the Security section lets you choose whether to always run the security filters on CKEditor content (recommended and default option) or run them only when CKEditor is set to start automatically. If you change this setting to only run the filters when CKEditor starts automatically, you will not be protected when toggling manually between a plain textarea and the WYSIWYG editor.

The following security filter modules are currently supported:


Security section of the CKEditor for Drupal 7 module configuration
This page was last edited on 30 May 2012, at 15:33.