Join Tom Geller for an in-depth discussion in this video Control text formats to prevent damage, part of Drupal 8 Essentials 2: Building Out Your Website.
- [Voiceover] One of the biggest reasons…that websites get attacked is that their builders…allow the public to type programming code…in such places as content and comments.…I can demonstrate the dangers easily…by creating a node that calls for an outside site.…To do that I'll go up to content,…then add content, and I'll make it a basic page.…Now here's how the dangerous stuff comes in.…If I change the text format to full HTML…then I can type in my bad code.…
I'll just create something here,…dangerous page, and type in my code.…Now I'll save it.…And as you can see I've actually inserted my own website…inside somebody else's website.…You clearly don't want that to happen.…So I'm just gonna delete that page.…By default Drupal protects you by limiting access…to that full HTML mode,…so you can generally launch a Drupal site…without worrying about it,…but Drupal does give you tools to restrict…such trickery even further…or to loosen up it's policies when you want.…
The controls are in what Drupal calls text formats…and you find them under configuration,…
In these tutorials, Tom Geller helps new Drupal designers change the layout and design elements of their sites, control visitor interactions (including comments), arrange content in user-friendly "views," and expand the site's capabilities beyond what's available in core Drupal with Drupal modules. In all the steps you'll learn best practices to ensure your sites remain streamlined, secure, and up to date.
If you want to start from the beginning and create your Drupal site from scratch, check out Drupal 8 Essentials 1: Getting Started.
- Grouping content into categories
- Managing comments
- Adding discussion groups
- Customizing fields and image styles
- Adjusting menus and navigation to help users
- Adding new features with Drupal modules