In a multi-site deployment, keeping content display secure and consistent across all sites is a core task. This is especially true of the filtering rules for HTML content, which bear directly on user experience, information security and even search engine optimization. AnQi CMS, as a feature-rich system, gives us flexible tools for managing these rules. To achieve a unified configuration of HTML content filtering rules across multiple sites, we need to combine the system's built-in functions with an operational strategy.
First, understanding the basic content-processing settings of AnQi CMS is crucial. Each independent site has its own "Content Settings" module, found under the "Backend Settings" menu of the backend. This module provides several important options that define how the site's content HTML is initially processed. The "Automatically filter external links" option, which can suppress external links or add the rel="nofollow" attribute to them, is very useful for SEO and for preventing the introduction of bad links. The "Whether to download remote images" setting also indirectly affects the image tags embedded in the content: if enabled, external images are localized, reducing dependency on third-party resources and improving loading speed and security. In addition, settings such as automatic image compression, WebP format conversion and thumbnail processing together form the basic filtering and optimization rules for content display.
Note, however, that these "Content Settings" are configured independently for each site. In a multi-site environment there is no central "apply to all sites" switch that manages these rules for every site at once. Achieving a "unified configuration" therefore requires a systematic strategy.
An efficient strategy is to define a standard "Content Settings" specification when planning a new AnQi CMS site. Whenever a site is created, or an existing site is audited, its "Content Settings" module is configured strictly according to this specification. This takes some effort during initial setup, but it ensures that the basic content filtering rules of every site are consistent. For example, you might decide to automatically filter external links, automatically download remote images, and apply uniform image compression and thumbnail processing, so that brand image and user experience stay consistent.
Beyond the site-level "Content Settings", the template engine of AnQi CMS also gives us fine-grained control over HTML filtering at the content output level. When building templates, we can use built-in filters to further refine and standardize HTML content. The striptags filter removes all HTML tags from the content, leaving only plain text, which is very useful where only a summary or plain text is needed. The removetags filter is more flexible: you specify which HTML tags to remove from the content, for example <script> and <iframe> tags that may introduce security risks, or redundant style tags that should be removed to keep the HTML simple.
For example, in your template file (such as detail.html or list.html), when you need to display the document content you can use these filters like this:
{# Assume the archiveContent variable holds the HTML content #}
{# Remove all HTML tags, keeping only plain text #}
<div>{{ archiveContent|striptags }}</div>
{# Remove <script> and <iframe> tags from the content, then make sure the remaining HTML is rendered safely #}
<div>{{ archiveContent|removetags:"script,iframe"|safe }}</div>
{# Combined use: first remove unwanted tags, then ensure the remaining HTML is displayed safely #}
<div>{{ archiveContent|removetags:"font,span"|safe }}</div>
Be sure to pay attention to the use of the safe filter. The AnQi CMS template engine escapes HTML content by default to prevent XSS attacks. If you have filtered the content with removetags, you must then use |safe to tell the system explicitly that the content is safe and does not need escaping. Applying |safe directly to content that has not been adequately filtered may introduce a security risk. It is therefore recommended to use |safe only after removetags or other cleanup operations.
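The filter semantics above, as an added example constructed for this page (it is not AnQi CMS code): a small Python model of striptags, removetags and the engine's default escaping, plus an allowlist sanitizer. The class and function names (_Rebuilder, sanitize, render_escaped, SAFE_TAGS, SAFE_ATTRS) and the SAMPLE article body are assumptions made here. The sample illustrates the caveat behind |safe: removetags:"script,iframe" removes those two elements but leaves the inline style and the onclick attribute on the remaining tags untouched, so when article HTML comes from authors you do not fully trust, an allowlist of tags and attributes is the stricter choice before marking the output safe.

```python
"""Model of the template filters discussed above (constructed for this page,
not the AnQi CMS implementation)."""
import html
from html.parser import HTMLParser

VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}


class _Rebuilder(HTMLParser):
    """Walk HTML and re-emit it under three optional rules:
    keep_tags    - only these tag names survive (None = keep all, set() = strip all)
    allow_attrs  - only these attribute names survive (None = keep all)
    drop_content - these elements disappear together with everything inside them
    """

    def __init__(self, keep_tags=None, allow_attrs=None, drop_content=frozenset()):
        super().__init__(convert_charrefs=False)
        self.keep_tags = keep_tags
        self.allow_attrs = allow_attrs
        self.drop_content = {t.lower() for t in drop_content}
        self.skip_depth = 0   # >0 while inside an element whose content is dropped
        self.out = []

    def _keep(self, tag):
        return self.keep_tags is None or tag in self.keep_tags

    def handle_starttag(self, tag, attrs):
        if tag in self.drop_content:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if self.skip_depth or not self._keep(tag):
            return
        parts = [tag]
        for name, value in attrs:
            if self.allow_attrs is not None and name not in self.allow_attrs:
                continue  # e.g. style=... and on*=... handlers are discarded here
            parts.append(name if value is None else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> is emitted as <br>

    def handle_endtag(self, tag):
        if tag in self.drop_content:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or not self._keep(tag):
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)

    def handle_entityref(self, name):
        self.handle_data(f"&{name};")

    def handle_charref(self, name):
        self.handle_data(f"&#{name};")

    def handle_comment(self, data):
        pass  # comments are never part of displayed content


def _run(source, **rules):
    parser = _Rebuilder(**rules)
    parser.feed(source)
    parser.close()
    return "".join(parser.out).strip()


def striptags(source):
    """Plain text only; script/style bodies are code, not text, so they go too."""
    return _run(source, keep_tags=set(), drop_content={"script", "style"})


def removetags(source, tags):
    """Denylist filter: drop the elements named in a "a,b,c" list, like the template
    filter argument. This model also drops their inner content (a choice made for
    this example); every other tag and attribute is left untouched."""
    names = {t.strip().lower() for t in tags.split(",") if t.strip()}
    return _run(source, drop_content=names)


# Assumed allowlists for the stricter sanitizer
SAFE_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "a", "img", "h2", "h3", "blockquote"}
SAFE_ATTRS = {"href", "src", "alt", "title"}


def sanitize(source):
    """Allowlist filter: the stricter option for author-supplied HTML before |safe."""
    return _run(source, keep_tags=SAFE_TAGS, allow_attrs=SAFE_ATTRS,
                drop_content={"script", "style", "iframe"})


def render_escaped(source):
    """What the engine does by default when no |safe is applied."""
    return html.escape(source, quote=False)


# Constructed sample article body
SAMPLE = (
    '<p>Hello <span style="color:red">world</span></p>'
    '<script>track()</script>'
    '<iframe src="https://example.com/"></iframe>'
    '<p>Read <a href="https://example.com/" onclick="go()">more</a></p>'
)

if __name__ == "__main__":
    print("striptags :", striptags(SAMPLE))
    print("removetags:", removetags(SAMPLE, "script,iframe"))
    print("sanitize  :", sanitize(SAMPLE))
    print("escaped   :", render_escaped("<p>Hello</p>"))
```

Running the file prints the four results side by side. Note that removetags in this model also discards the text between the removed tags; whether the CMS's own filter keeps that text is not stated on this page, so check its output before relying on either behaviour.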
To unify this template-level filtering in a multi-site environment, the recommended practice is to establish a shared base template or template component. For example, you can define a partial/content_display.html fragment that contains the general filtering logic for all HTML content output. The specific templates of every site then reference this fragment wherever article content is displayed, using {% include "partial/content_display.html" with content=archive.Content %}. Once you need to adjust the HTML filtering rules, you only have to modify this central template fragment, and every site that references it takes effect immediately, achieving unified management of the filtering rules.
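One way the shared fragment described above could look, added here as an illustration rather than taken from the AnQi CMS documentation or code. It assumes the including template passes content via the include's with clause and may optionally pass a mode variable (an assumed name); the tag list is a constructed default, not a recommendation from the page:

```django
{# partial/content_display.html: the single place where every site's HTML output is filtered #}
{# Assumed variables: content = the raw article HTML; mode = "text" for plain-text summaries (default: full HTML) #}
{% if mode == "text" %}
  {# Plain text only, e.g. for list pages; no |safe needed because nothing here is HTML #}
  <div class="content-text">{{ content|striptags }}</div>
{% else %}
  {# Remove tags that can run code or embed remote documents, plus legacy styling tags, then mark the result safe #}
  <div class="content-html">{{ content|removetags:"script,iframe,object,embed,font,span"|safe }}</div>
{% endif %}
```

A list page would then use {% include "partial/content_display.html" with content=archive.Content mode="text" %} and a detail page the include without mode, so the tag list lives in exactly one file.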
Finally, regular audits and a content review mechanism are also indispensable. Even with unified configuration and templates, human error or newly discovered security vulnerabilities may still occur. Establishing a content review process, spot-checking published content, and regularly inspecting each site's "Content Settings" and template usage provide additional safeguards for a multi-site environment.
With the strategy above, namely unifying the initial "Content Settings" at the site level and achieving unified output control through standardized filters and template components at the template level, you can effectively and flexibly manage and unify HTML content filtering rules across the multi-site environment of AnQi CMS, keeping every site highly consistent in security and content presentation.
Common Questions (FAQ)
Q1: Can the "Automatically filter external links" function in the "Content Settings" of AnQi CMS completely prevent all malicious HTML code?
A1: The "Automatically filter external links" function mainly deals with external links appearing in the content (for example, suppressing them or adding the nofollow attribute) to control where links point and their SEO impact. It cannot completely block all types of malicious HTML code, such as embedded <script> tags, <iframe> tags or other suspicious HTML structures. To guard comprehensively against such risks, you also need to use the striptags or removetags filters in your templates, and use the safe filter carefully to ensure that the content output is secure.
Q2: How will content be displayed if my site template uses no HTML filters or escaping when displaying article content?
A2: The template engine of AnQi CMS HTML-escapes output content to the page by default. This means that if your article content contains HTML tags such as <p>Hello</p> and the template outputs it directly with {{ archive.Content }}, they are escaped to &lt;p&gt;Hello&lt;/p&gt;, so the user sees the literal HTML code rather than the effect rendered by the browser. If you want the HTML content to be parsed normally, you need to explicitly