This is the second post in a series about the Rich Text Editor (RTE) in Sitecore. The first post covered the basics of setting up the RTE.
Restrict the Authors
So you have now created your own HTML Editor Profile and configured your site to use it. Previously we hid some toolbars so as not to irritate our Authors. Well … they can still switch to HTML mode and change the raw HTML of the field and (even occasionally) break the magic! So nothing is stopping them from googling a piece of their favourite novel (of course with an ugly font) and pasting all of it into the HTML.
There are 2 places where the Authors have access to the raw HTML. At the bottom of the Rich Text Editor, there is a pane that gives access to the raw HTML.
And there’s a link that says “Edit HTML”, in the Content Editor, just above a rich text field, which does just that.
Fortunately, Sitecore can manage this and make our lives easier 🙂
Configuring HTML access
Luckily, Sitecore makes this task easy as it is possible to restrict access to these functions through access rights. This means that you can block HTML edit from your Authors while administrators still can edit HTML.
In the Core database, navigate to ‘/sitecore/system/Field types/Simple Types/Rich Text/Menu’. Here you will find the “Suggest fix” and “Edit HTML” items, which are shown as links in the Content Editor as seen above. We also want to remove ‘Suggest fix’, as this function can sometimes break your HTML if you don’t know what you are doing.
Select the Edit HTML item and open the Access Viewer found in the menu under the Security tab. Here you will see what kind of access rights are assigned. You will need to find out which role your Authors have. Usually it will be the “Author” role, but this differs between sites. With the Edit HTML item still selected, open the Security Editor from the menu.
In this case the Authors don’t have any special rights assigned, so we need to select the role using the “Select” button in the top left. This opens a pop-up window where we can find the Authors role and select it. Then, ensuring that the Authors role is selected in the pane above, click the ‘x’ in the ‘Read’ column beside the Edit HTML item. Then do the same for the ‘Suggest fix’ item.
This fixes the problem in the Content Editor. Close the Security Editor and Access Viewer and navigate to ‘/sitecore/system/Settings/Html Editor Profiles/Rich Text XYZ/WebEdit Buttons/Edit html’ (the path of the profile of your Rich Text Editor), and repeat the process above to remove the Read access rights for the Authors.
Your Authors can no longer Edit HTML in the Content Editor or in the RTE now.
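One way to confirm the change afterwards, as an added example that is not part of the original post: the script below checks exported `__Security` field values of the three items for an explicit Read deny. It assumes the pipe-delimited format found in serialized Sitecore items and a role named `sitecore\Author`; the function names, the full item paths under ‘Menu’ and the sample values are constructed for illustration.

```python
# Added example: audit exported __Security values for the items in this post.
# Assumption: values use the pipe-delimited form found in serialized Sitecore
# items, e.g. ar|sitecore\Author|pe|-item:read|pd|-item:read|

def parse_security(value):
    """Return {(account, scope): {right: '+' or '-'}} for one __Security value."""
    rules, account, scope = {}, None, None
    tokens = [t for t in value.split("|") if t]
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("ar", "au") and i + 1 < len(tokens):
            # ar = role, au = user; the next token is the account name
            account, scope = tokens[i + 1].lower(), None
            i += 2
            continue
        if tok in ("pe", "pd", "p*"):
            # assumed meaning: pe = the item itself, pd = descendants, p* = both
            scope = tok
        elif account and scope and len(tok) > 1 and tok[0] in "+-":
            rules.setdefault((account, scope), {})[tok[1:]] = tok[0]
        i += 1
    return rules

def denies_read(value, role):
    """True only if the role has an explicit Read deny on the item itself."""
    rules = parse_security(value)
    return any(rules.get((role.lower(), s), {}).get("item:read") == "-"
               for s in ("pe", "p*"))

def audit(items, role):
    """Return the paths where the role is NOT explicitly denied Read."""
    return [path for path, value in items.items() if not denies_read(value, role)]

ROLE = r"sitecore\Author"  # assumed role name; use the role your Authors have
# Constructed sample values: one item fixed, one still allowed, one with no rules.
SAMPLE = {
    "/sitecore/system/Field types/Simple Types/Rich Text/Menu/Edit HTML":
        r"ar|sitecore\Author|pe|-item:read|pd|-item:read|",
    "/sitecore/system/Field types/Simple Types/Rich Text/Menu/Suggest fix":
        r"ar|sitecore\Author|pe|+item:read|",
    "/sitecore/system/Settings/Html Editor Profiles/Rich Text XYZ/WebEdit Buttons/Edit html":
        "",
}

if __name__ == "__main__":
    for path in audit(SAMPLE, ROLE):
        print("Read not denied for", ROLE, "on", path)
```

The check looks only at explicit rules for the one role on each item; it does not compute effective rights from inheritance or from other roles a user holds, so the Access Viewer remains the reference for those.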
The next article in this series about the Rich Text Editor in Sitecore will show you how to prevent your Authors from pasting formatted Word text, HTML tags etc. directly into the editor, destroying your W3C-validated site.