Is anyone able to explain why this html does not work when put into the 'share status' box on the user's profile or the event wall? I'm using the Default Blacklist for registered users, but can't see anything wrong. It doesn't interpret the HTML, it just displays it like text:

<hr style="text-align:left;margin-left:0;color:#8b8989;background-color:#8b8989;border:1px solid #8b8989;height:2px;width:100%;"><p style="text-align:center;"><img src=" api.ning.com/files/fXUwj8AcBIni0nhTHsupU...peed_Certified_1.png " width="418" class="aligncenter" alt="Single Speed Certified Image"></p><hr style="text-align:left;margin-left:0;color:#8b8989;background-color:#8b8989;border:1px solid #8b8989;height:2px;width:100%;">

The attachment is a screenshot of the result.

Thanks,
Matthew

Hi Matthew,

at sharebox/activities stream we have some restriction. especially for HTML.
sharebox will not rendered any HTML from user input. it's not safe if we allow it. the stream activities can broken and many unpredictable issues.

Regards,
Albert

I see. Why is it ok to use HTML in event descriptions, but not streams, especially if the default blacklist of html tags is in place to stop malicious html code? If it can't be used at all in streams is there a way to strip it out (or display an error to the user), so at least the plain text is shown instead of displaying the raw html code, which just makes the users think there has been an error?

Thanks,
Matthew

Hi Matthew,

Here the changes option:
edit the file /components/com_community/libraries/activities.php line 1517
1. remove all HTML tags

$str = strip_tags(rtrim(str_replace(' ', '', $str)));

$str = rtrim(str_replace(' ', '', $str));

Thanks for that. If I allow HTML will the default blacklist still be applied/stripped?

Thanks,
Matthew

Hi Matthew,

blacklist will be not applied. if want blacklist applied you can use this function:
www.php.net//manual/en/function.strip-tags.php

$str = strip_tags(rtrim(str_replace('&nbsp;', '', $str)), '<p><a><img><hr>');