backdrop-ops/events.backdropcms.org

Clean up text formats (use this as a model for all other borg sites?)

Opened this issue · 5 comments

One thing that really frustrates me is that on all of our sites we need to disable the rich-text editor in order to use the date tokens. This is because the date token filter was not added to a current format, but instead, an additional format was created.

Creating unnecessary formats is a bad idea for a number of reasons (security, usability, difficulty in updating existing content + config, etc, etc).

I would like to remove all date token formats by:

  • Adding the use of date tokens to all formats where they are needed
  • Writing an update hook to fix all content to use one of the supported formats
  • Deleting (disabling) the problematic newer format

If there is a reason the new format was created (is there a bug with using the token + ckeditor together?) please note that here, and link to the issue. We would obviously need to fix that first. :)

As an experiment, I added the date token filter to the other formats, and have removed permissions for the tokens format. I'm going to go review all the content using this permission and see if it works using the normal formats... For reference, node IDs: 60, 125, 128.

Having probably been the first to create a separate format for text+tokens, my rationale at that time was that since expanding tokens allows the exposure of potentially a lot of information that had not been previously accessible (for example, chaining tokens could expose user information about the author of a node), having a separate format allowed for the possibility of tighter permissions on the use of tokens.

As things have worked out, though, (a) the desired use of tokens has turned out to be more widespread (yay for useful things!), and (b) we've ended up giving the same permissions to with- and without-tokens formats anyhow. So that rationale has pretty much evaporated, I think.

Ergo, this sounds like a good idea.

@bugfolder that's an excellent point about tokens being potentially leaky. I wonder if there's a way we could limit which tokens are allowed (or disallowed) for the token filter? I'd love to allow everyone to use tokens, but not all tokens :)

I think disabling all [user] tokens might be enough of a safety measure. Should I create an issue for token filter to work on this, or do you think it would be more appropriate elsewhere?

> Should I create an issue for token filter to work on this, or do you think it would be more appropriate elsewhere?

That does seem to be the appropriate place to add a setting to limit which tokens are replaced. But I think it will take some careful thought to figure out what the setting(s) should be, and how best to implement them. (Noticing the lucky maintainer of Token Filter who will get to work on this.) It's not as simple as just not expanding [user:...] tokens, since chained tokens like [node:author:mail] that don't contain "user" would need to be disabled.

@argiepiano has done a lot with tokens and entities; might be good to get his take on this.

I created an issue more generally "to limit access to potentially dangerous tokens", to see if other ideas might emerge. (I'm not sure disabling specific tokens is the best solution, just the first idea I had!).
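The point raised above about chained tokens, as an added example that is not part of the thread and not Token Filter's code: it compares a `[user:...]` prefix check with a check that walks each chain step to the type it resolves to. The `CHAIN_TYPES` map, the function names and the sample text are all constructed for illustration; a real implementation would have to build the map from the site's own token definitions so that no chain step is missed.

```php
<?php
// Constructed chain map (assumption, not read from a site): for each token
// type, the tokens that hand off to another type.
const CHAIN_TYPES = [
  'node'    => ['author' => 'user'],
  'comment' => ['author' => 'user', 'node' => 'node', 'parent' => 'comment'],
  'user'    => [],
  'site'    => [],
];

/**
 * Returns TRUE if any step of the token resolves to a blocked type.
 */
function token_reaches_type(string $token, array $blocked, array $chains = CHAIN_TYPES): bool {
  $parts = explode(':', trim($token, '[]'));
  $type = array_shift($parts);
  if (in_array($type, $blocked, TRUE)) {
    return TRUE;
  }
  foreach ($parts as $part) {
    if (!isset($chains[$type][$part])) {
      // Leaf token such as "title", or a step the map does not know.
      return FALSE;
    }
    $type = $chains[$type][$part];
    if (in_array($type, $blocked, TRUE)) {
      return TRUE;
    }
  }
  return FALSE;
}

/**
 * Removes blocked tokens from text before token replacement runs.
 */
function strip_blocked_tokens(string $text, array $blocked): string {
  return preg_replace_callback(
    '/\[[^\s\[\]:]+:[^\s\[\]]+\]/',
    function (array $m) use ($blocked) {
      return token_reaches_type($m[0], $blocked) ? '' : $m[0];
    },
    $text
  );
}

// Constructed sample content.
$text = 'On [node:title]: [user:mail] [node:author:mail] '
  . '[comment:node:author:mail] at [site:name]';

echo "prefix check: ", preg_replace('/\[user:[^\]]*\]/', '', $text), "\n";
echo "chain check:  ", strip_blocked_tokens($text, ['user']), "\n";
```

Under this policy a bare `[node:author]` is also removed, because the `author` step already resolves to the user type; whether that is wanted is a policy decision for the filter's settings.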