Removing unfiltered HTML and scripts
On October 22, during our regularly scheduled Red update, we will enable a function in Red to address user-added scripts and unfiltered HTML issues on websites. As is noted in the Red Theme Guidelines, these are not allowed on Red sites.
- Unfiltered HTML explained: this includes adding html into your text block rather than just plain text. This is usually done by switching from the “visual” tab of a text field to the “text” view tab.
Adding scripts or unfiltered HTML can negatively affect the UIC brand standards, accessibility and responsiveness that is built into the Red theme. In addition, they can potentially cause issues with performance and security on the Red Multisite Network.
The new Red function will remove such elements as iframes, embedded javascript, and custom css in text fields. This does NOT include the use of the text editing menu for adding bold, italic, bullets, and other styling found in that toolbar. It DOES include images added inside the text block, in the text area itself, rather than using the “include an image” functions, those images will be stripped out of the text.
We recommend that you review your content to remove any scripts or unfiltered HTML before this function is enabled to avoid any content issues for your site.
If you have added Tableau, Slate or Giving form elements in any manner outside of the specific embed components for those content types, you will need to convert to the corresponding components. The components will continue to work as expected and are built to work in Red without affecting brand, accessibility, responsiveness, performance or security.