silverstripe-comments/docs/en/Configuration.md

# Configuration

## Overview

The module provides a number of built in configuration settings below are the default settings

	// mysite/_config.php 
	
	Commenting::add('Foo', array(
		'require_login' => false,
		'required_permission' => false,
		'use_ajax_commenting' => true,
		'show_comments_when_disabled' => false,
		'order_comments_by' => "\"Created\" DESC",
		'comments_per_page' => 10,
		'comments_holder_id' => "comments-holder", 
		'comment_permalink_prefix' => "comment-",
		'require_moderation' => false,
		'html_allowed' => false, // allow for sanitized HTML in comments
		'html_allowed_elements' => array('a', 'img', 'i', 'b'),
		'use_preview' => false, // preview formatted comment (when allowing HTML)
	);
	
If you want to customize any of the configuration options after you have added the extension (or
on the built-in SiteTree commenting) use `set_config_value`

	// mysite/_config.php - Sets require_login to true for all pages
	Commenting::set_config_value('SiteTree', 'require_login', true);
	
	// mysite/_config.php - Returns the setting 
	Commenting::get_config_value('SiteTree', 'require_login');
	
## HTML Comments

Comments can be configured to contain a restricted set of HTML tags
through the `html_allowed` and `html_allowed_elements` settings.
Raw HTML is hardly user friendly, but combined with a rich-text editor
of your own choosing it can allow rich comment formatting.

In order to use this feature, you need to install the
[HTMLPurifier](http://htmlpurifier.org/) library.
The easiest way to do this is through [Composer](http://getcomposer.org).

	{
		"require": {"ezyang/htmlpurifier": "4.*"}
	}

**Important**: Rendering user-provided HTML on your website always risks
exposing your users to cross-site scripting (XSS) attacks, if the HTML
isn't properly sanitized. Don't allow tags like `<script>` or arbitrary attributes.
NEW Optionally allow (sanitized) HTML in comments 2013-02-21 16:39:57 +01:00			`# Configuration`

			`## Overview`
MINOR: documentation 2010-12-13 00:48:20 +01:00
			`The module provides a number of built in configuration settings below are the default settings`

			`// mysite/_config.php`

			`Commenting::add('Foo', array(`
			`'require_login' => false,`
			`'required_permission' => false,`
			`'use_ajax_commenting' => true,`
			`'show_comments_when_disabled' => false,`
			`'order_comments_by' => "\"Created\" DESC",`
			`'comments_per_page' => 10,`
			`'comments_holder_id' => "comments-holder",`
			`'comment_permalink_prefix' => "comment-",`
NEW Optionally allow (sanitized) HTML in comments 2013-02-21 16:39:57 +01:00			`'require_moderation' => false,`
			`'html_allowed' => false, // allow for sanitized HTML in comments`
Use newlines in comments. 2013-03-05 09:37:00 +01:00			`'html_allowed_elements' => array('a', 'img', 'i', 'b'),`
NEW Comment previews 2013-03-04 11:37:18 +01:00			`'use_preview' => false, // preview formatted comment (when allowing HTML)`
MINOR: documentation 2010-12-13 00:48:20 +01:00			`);`

			`If you want to customize any of the configuration options after you have added the extension (or`
			on the built-in SiteTree commenting) use `set_config_value`

			`// mysite/_config.php - Sets require_login to true for all pages`
			`Commenting::set_config_value('SiteTree', 'require_login', true);`

			`// mysite/_config.php - Returns the setting`
			`Commenting::get_config_value('SiteTree', 'require_login');`

NEW Optionally allow (sanitized) HTML in comments 2013-02-21 16:39:57 +01:00			`## HTML Comments`

			`Comments can be configured to contain a restricted set of HTML tags`
			through the `html_allowed` and `html_allowed_elements` settings.
			`Raw HTML is hardly user friendly, but combined with a rich-text editor`
			`of your own choosing it can allow rich comment formatting.`

			`In order to use this feature, you need to install the`
			`[HTMLPurifier](http://htmlpurifier.org/) library.`
			`The easiest way to do this is through [Composer](http://getcomposer.org).`

			`{`
			`"require": {"ezyang/htmlpurifier": "4.*"}`
			`}`

			`Important: Rendering user-provided HTML on your website always risks`
			`exposing your users to cross-site scripting (XSS) attacks, if the HTML`
			isn't properly sanitized. Don't allow tags like `<script>` or arbitrary attributes.