Rename input formats to reflect their purpose.

Nice one getting this running. I'm not 100% on 'safe HTML' though - it's easy to add a few tags and it not be 'safe' any more. Maybe 'restricted HTML'?

@flubruit: I understand your reasoning there, but I agree with catch that "Safe HTML" sounds like it is secure, while there is no guarantee.

I don't know. I think "Restricted HTML" suffers from almost the same problem as "Safe HTML" as it may describe a condition that does not exist.

Plus, this patch changes to:

-  db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Filtered HTML', ',1,2,', 1);
-  db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Full HTML', '', 1);
+  db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Restricted HTML', ',1,2,', 1);
+  db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('%s', '%s', %d)", 'Unfiltered HTML', '', 1);

• I agree totally that "Full HTML" is bad.
• I don't mind "Filtered HTML", though something like "Filter HTML tags" is better, IMO.
• "Restricted HTML" and "Unfiltered HTML" are not parallel at all. The two conditions should have a relationship to one another. If we say "Restricted" we should say "Unrestricted". For this reason, I'm setting to CNW.

I *think* I might prefer something like "Filter HTML tags" and "Do not filter HTML tags".

I agree with flobruit - even if you individually specify every html tag there is (including <blink> and some HTML 3 proprietary stuff), it's still restricted in that tags are opt-in - so say HTML5 adds a new tag, it would be blocked by that format.

Can we call it "Unfiltered (unsafe) HTML"?

The two conditions should have a relationship to one another. If we say "Restricted" we should say "Unrestricted".

I'm with keith.smith on this one. "Restricted HTML" and "Unrestricted HTML" not only reflect what the actual function of the two filters are, they are also highly meaningful even to non-drupal users.

+1 for Restricted/Unrestricted

Patch no longer applied. Reroll attached, with "Unfiltered" changed to "Unrestricted".

I agree with #9 and #10. Couldn't we have "Unrestricted (unsafe) HTML"?

system_update_7005() is taken so upped to 7010, also did a find and replace in filter.test since that was failing a lot, and ran all tests with the patch applied to check the rest are unaffected.

This ought to be ready now.

I did a visual review, everything looks good - I couldn't nitpick on anything.

I'll let another person apply the patch to ensure it installs/updates and set status to RTBC.

Crossposted with Damien.

What about removing 'Unrestricted HTML' from the default install profile altogether? #275815: Fix filter and input format saving moves them out of system.install which is a start. Personally I think this naming is fine and would like to get this in, adding 'unsafe' seems a bit redundant when we could just kill it altogether in a followup patch.

+1 and patch applies.
-1 on using "Safe". What does "safe" mean anyway. It's too vague.

Actually the install profile issue is currently stalled due to the ugliness with which input formats are created, so I'd rather keep this one open.

I'm not convinced the two "input formats" need to have a direct relationship to each other (as in "foo" vs "unfoo"). They just both need self-documenting names that end-users are likely to understand. Over at #244904: UMN usability: Rename 'input formats' we have a pretty broad range of agreement on the following:

- Filtered HTML
- Unsafe HTML

Leave "Filtered HTML" alone. It does start life as an "input format" that filters out all HTML tags but a whitelist of allowed tags. Sure, people can reconfigure it to break that, but at least to describe the initial state, "Filtered HTML" is what it is. Even non-technical site admins who don't fully grok the details will at least associate "filtered HTML" with a "filter" and generally "filter" means "selectively take out unwanted stuff", which points them in the right direction.

"Unsafe HTML" is (IMHO) the perfect name for the thing currently called "Full HTML". It's unsafe. That immediately gets end-user site-admins to think twice before granting access to this filter, setting nodes to use it, etc. I don't think "Unrestricted" gets the same message across. "Unrestricted" sounds like like "HTML Unlimited" or something -- more like marketing jargon than a warning to site admins. Furthermore, naming an input format "Unsafe" not only self-documents that particular format, it also self-documents that input formats have to do with security, and can be configured insecurely, and so you better know what you're doing if you go clicking around in there.

So, let's leave "Filtered HTML" alone and just rename "Full HTML" to "Unsafe HTML". I don't see what a "relationship" between the two names buys us in usability.

Hm. At first sight:

-1 for too similar names, i.e. "(un)restricted HTML": Two easily overlooked characters should not decide on whether something is safe or horribly unsafe (by default).

That said, all of the default formats can only describe what they do by default. If the site admin manages to make "Filtered HTML" unsafe, ... well, this is the wrong issue to debate this.

My vote goes for:

"Restricted HTML"
"Unsafe HTML"

'Unsafe HTML' sounds like an input format where you can only enter <script><object> etc. tags in. At this point I'm leaning towards just removing it from the default install entirely.

how about:
- "Restricted HTML"
- "Unsecured HTML"

Sorry.

#24 sounds good to me.

I'm liking #24 too, FWIW.

I think "Filtered HTML" name is accurate and easy to understand. While "Full HTML" doesn't really explain anything. I would go with:

"Filtered HTML"
"Unsecured HTML"

Would it make sense to rename the "PHP code" format in this issue as well?

The problem with "PHP code" is it sounds like it might be something that produces highlighted PHP code (like the filter in use on the d.o. issue queue), rather than something that executes the PHP code. Those are kinda different things :)

The PHP filter is currently called "PHP evaluator", which seems like a much better name... Maybe the text format can be changed to use that name as well?

afaics:

Current Status (with php filter enabled):
- "Restricted HTML"
- "Unsecured HTML"
- "PHP evaluator"

I like the idea of using one root word and prefixing it with 'un' for consistency sake:

Safe
Unsafe

Restricted
Unrestricted

I also think that 'Execute PHP' is better for 2 reasons:

1) Execute is a powerful word and it would guarantee that users would "stop and think twice" before using it.
2) Because all the HTML/PHP text would be on the right of the adjective. (Yes I realize it is rather pedantic)

They've been renamed in D8 — see https://drupal.org/node/1941642.

This discussion is now outdated, if you want to rename the current text formats, then please create a new issue.