Important

You are browsing the documentation for version 4.2 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Security Support ends in January 2024. Read version 5.0 (the latest LTS version) of the Oro documentation to get the updated information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Rich Text Form Type

Rich Text editor is based on TinyMCE.

HTML Purifier

Rich Text editor uses HTML Purifier which helps to prevent XSS attacks. List of allowed HTML tags you can find in the app.yml file.

The following is an example of how to allow own HTML tags:

src/Acme/Bundle/DemoBundle/Resources/config/oro/app.yml

 oro_form:
     html_purifier_modes:
         default:
             allowed_html_elements:
                 div:
                     attributes:
                         - data-url
                         - data-src
                         - data-value