This video is the first dive into configuring CKEditor profiles. It looks at the “Basic Setup” and “Security” sections.

Basic Setup and Security

There are two profiles that come with CKEditor: “Advanced” and “Full”. The “Advanced” profile is used with the “Filtered HTML” input format, and the “Full” profile is used with the “Full HTML” input format. Let’s take a look at the “Advanced” profile by clicking “edit” under “Operations”.

Basic Setup

The first dropdown is the “Basic Setup” section. In here, you have the option to change the profile name to something that makes sense for your site. For example, if you have a profile for anonymous users, and one for content editors, you could create text formats and profiles called “Anonymous” and “Content Editors” respectively.

Then you can choose which text formats should use this CKEditor profile. You’ll notice that “Full HTML” isn’t an option here. That’s because it’s already associated with the “Full” profile, and each text format can only have one CKEditor profile associated with it.

Security

The next dropdown is the “Security” section. It includes a check that the allowed HTML tags are limited. Limiting the tags prevents users from entering malicious code that could harm your site.

There are also a few contrib modules listed that can be used to format user-supplied content to improve security. You don’t need to install all of these projects; in fact, it’s not recommended. You can check out each one if you’d like, but I’m going to show you how to use the HTML Purifier filter, as it was the only one that I could get set up properly when I took a look at them.

Before we actually set up the HTML Purifier module, there is one final option in this section: whether to run security filters at all times, or only when CKEditor is set to start automatically. For the best security, you should always run the security filters.

Now, I’ll save these settings and install the HTML Purifier module.