hi there, I know i'm old-fashioned but is there any way to avoid zenphoto overriding my preferences in writing content? (using zenphoto 1.5.7 + zenpage theme)

I understand that preventing malicious use of forms is an important feature but IMHO preventing my own personal use of html tagging in my texts is malicious as well.
In this way not only my lay-out but also my text formatting are under scrutiny by zenphoto, just like it happens in WP!

I've tried to add and/or modify the allowed tags in admin-options but "the system" didn't accept me doing that.
I find it's too generic to set alltogether the permits for "comments, descriptions and other fields".

Isn't it possible to split the "allowed tags" from comments -which are obviously a target for external attacks- and my own use of html in my own content?

(i.e. what is the ratio to exclude attribute "name" from tag \< a >? or my favourite \< dl > \< dt > \ and \< del > ? and how am I supposed to add a form for a paypal button?)

You should be able to add "tags" in the option actually if you follow the way they are defined. What does happen if you do? Just nothing?

These are not only for tags but also for basic sanitizing of contents and some filtering internally. So it is currently not that easy to do so and certainly not for 1.5.8 coming soon.

However in the 1.5.8RC there are some additions as there have been some other oversights for the defaults.

The name attribute is not an allowed attribute for `` elements as it is not one of the global ones.
https://developer.mozilla.org/de/docs/Web/HTML/Element/a

Paypal buttons actually work fine: https://www.zenphoto.org/pages/donations/

Definition lists actually as wel despite indeed missingl: https://www.zenphoto.org/news/zenphotos-global-variables/

But it all also depends on if you are using the tinymce editor or not asthat also does some filtering. It is enabled by default normally and we use it as well.

tinymce editor? no, I don't use it, what's that? ;-)

When I've tried to add all together the tags I wanted to use, the verification system didn' allow me doing that.

After some testing I've succeded to enter separately, meaning one by one, \< dl > \< dt > \< dd > and \< del >
Added succesfully as well the attribute "name" in tag \< a > (it's in texts I've written long time ago, when it was of common use and not yet deprecated... )

But if I write < form > or < input > the system rejects it, I don't understand how to add i.e. paypal

Perhaps tinymce to make your life easier ;-)

You need to enter the items as the existing are like this

 dl =>(class=>() id=>())
 dt =>(class=>() id=>())
 dd =>(class=>() id=>())

Forms will be incuded by default in 1.5.8. Definition lists and `` we forgot but will add them.

Added succesfully as well the attribute "name" in tag \< a > (it's in texts I've written long time ago, when it was of common use and not yet deprecated... )

Note that it will be invalid HTML technically as it is not only deprectated but not allowed in HTML5 as all Zenphoto themes use HTML5, at least the official ones.

Note that it will be invalid HTML technically as it is not only deprectated but not allowed in HTML5 as all Zenphoto themes use HTML5, at least the official ones
thanks for pointing me that, I wasn't aware of

however I still don't get how to add the paypal thing

thanks for pointing me that, I wasn't aware of

It's not a huge showstopping validation issue but will ceraintly be noted if you test with a validator.

What is the exact problem with the paypal button? That's just a simple form with a link and an image as on our page, right?

ok, after some testing I could finally manage to add all the required tags and attributes (e.g. form & input) which at the previous attempts were refused by the system.

apparently the system was not happy to get all the mods in one go, I had to add them all one by one (and sometimes had to repeat as not always was accepted at the first time).

there could have been some typo by my side but I've checked many times: pretty weird behaviour

[btw in admin-options.php?page=options&tab=general

there is a typo:
in the italian translation there are two closing parenthesis instead of one - as those in the form field:

Seguire la forma tag => (attributo => (attributo=> (), attributo => ()...))

while in english there are three closing parenthesis

Follow the form tag => (attribute => (attribute=> (), attribute => ()...)))

]

there could have been some typo by my side but I've checked many times: pretty weird behaviour

Surely not normal behaviour. Any errors in the logs?

in the italian translation there are two closing parenthesis instead of one - as those in the form field:

That's something @bic would have to fix ;-)

in the italian translation there are two closing parenthesis instead of one - as those in the form field:
There are things messed up there. Too many open/close parenthesis.
Please take a close look at syntax. It should look like this:
form => (action=>() method=>() accept-charset=>() id=>() class=>() title=>() name=>() target=>() lang=>())

Maybe a shorter example helps:
col => (class=>() id=>() lang=>())

yes, I did it, note that in english there are 3 closing parenthesis in the text

yes, I did it, note that in english there are 3 closing parenthesis in the text
That's not the case in 1.5.8RC however.
I think it's better to use the [i]reset to default[/i] button, on the right of the [i]Allowed tags[/i] options, and start over.

Sigh..., I completely missed the fact that you meant the text in the explanation next to the option. Sorry.

No problem, maybe I wasn't clear enough: it's so easy to misunderstand each other ;-)

Let me add here just one more little problem I've noticed, that has puzzled me for quite some time.

The system strips off an attribute which is set as [u]allowed by default[/u] in admin option. This is how my html looks like in my admin-edit page:

 Sending images

...
mail address

but the id attribute effectively is stripped off in my page source, while is still there in the admin-edit page!

Any idea on how do I solve this?

First, what edit page exatly, second which theme are you using.

With text editor or without texteditor as the editor also does some parsing itself.

Generally is text content parsed by a validator - either a library or if your sever supports a native PHP extension - so if for some reason an id is not unique on your text content it may be removed.

First, what edit page exatly, second which theme are you using.

.../zp-core/zp-extensions/zenpage/admin-edit.php?page&update

With text editor or without texteditor

NO text editor

if for some reason an id is not unique on your text content it may be removed

that's not the case, every id I've tried is stripped off in my page source, while remaining alive in its admin-edit page

tried a temporary workaround

but that too is stripped off from html! :-(

My colleague just reminded me that might be related to sort of a bug with the filtering we were not able to solve. This happens for some reason sometimes.

Try to use a codeblock - if the theme supports it - instead of the main text content.

Need to remind me by looking at code: In fact this is an issue of the general sanitizing but not related to the allowed tags option at all as that is not used for displaying text content. We're re-investigation on this again right now.

Please try the 1.5.8RC for some change regarding this.

ok, I've reinstalled and tested the page: problem solved ! :-)