Yo,
I am currently working on a project and I have come across a small hump, first off my project is a CMS, hopefully to one day power a ton of sites... we all have to have our dreams
. But I am stuck on the editors.
I am not sure whether to be safe and use BBCode for things, or to use RTE's giving a live view of everything that happens instead of the code. The problem with that is filtering the good and the bad HTML.
A few solutions I have thought of.
1, Use HTML purifier (looked into it and seems complicated?)
2, Use an array of allowed tags.
3, Stick with BBCode but no be user friendly.
Does anyone have any suggestions? And also what editors do you recommend? TinyMCE/MarkitUp ect.
All help is appreciated.
Are we talking about for admins to publish their content? If so, you should just allow raw HTML, since they may want to embed things, and can be trusted to do so if it's their site.
If you're talking about comments or other user entered things, you have a few options, like you said. BBCode would work, markdown (
http://daringfireball.net/projects/markdown/) would work, both of which would be fairly simple to implement. A slightly harder but still realistic alternative would be to allow users to enter html, which is then all filtered through htmlspecialchars() (I believe you're using PHP, apologies if I'm wrong). After filtering it through, you can go and do some string replacement on the strings of entities that you want to convert back into tags. While you could strip out everything you don't want, only leaving the ones you do, assuming everything is bad then allowing certain things is safer.
Edit: I completely missed out the actual editors part of that. Either way, you first need to decide on what format you wish to use, then work from there
(2012-07-20, 06:20 PM)Charlie Hadden Wrote: [ -> ]Are we talking about for admins to publish their content? If so, you should just allow raw HTML, since they may want to embed things, and can be trusted to do so if it's their site.
If you're talking about comments or other user entered things, you have a few options, like you said. BBCode would work, markdown (http://daringfireball.net/projects/markdown/) would work, both of which would be fairly simple to implement. A slightly harder but still realistic alternative would be to allow users to enter html, which is then all filtered through htmlspecialchars() (I believe you're using PHP, apologies if I'm wrong). After filtering it through, you can go and do some string replacement on the strings of entities that you want to convert back into tags. While you could strip out everything you don't want, only leaving the ones you do, assuming everything is bad then allowing certain things is safer.
Edit: I completely missed out the actual editors part of that. Either way, you first need to decide on what format you wish to use, then work from there
Yes I am using PHP
, Hmm allowing raw HTML when you put it like that seems valid. Regarding comments, I don't have that issue due to it being a CMS currently, if I had a blog module I would look into it. I will also look into markdown and htmlspecialchars() in more depth.
Thanks for your help, still looking for others opinions though
Also Charlie what is your opinion on editors? TinyMCE ect?
(2012-07-20, 06:32 PM)itheme Wrote: [ -> ]Regarding comments, I don't have that issue due to it being a CMS currently,
That's why I suggested the admin idea first
(2012-07-20, 06:32 PM)itheme Wrote: [ -> ]Also Charlie what is your opinion on editors? TinyMCE ect?
It depends what you want really, I've used a lot and even written my own before. What kind of functions would you want to be included?
(2012-07-20, 06:37 PM)Charlie Hadden Wrote: [ -> ] (2012-07-20, 06:32 PM)itheme Wrote: [ -> ]Regarding comments, I don't have that issue due to it being a CMS currently,
That's why I suggested the admin idea first
(2012-07-20, 06:32 PM)itheme Wrote: [ -> ]Also Charlie what is your opinion on editors? TinyMCE ect?
It depends what you want really, I've used a lot and even written my own before. What kind of functions would you want to be included?
I want it to be flexible, MarkItUp is pretty nice I think, but then again There are tons of others with a hundred other features. Looking for flexibility and simpleness
Yeah, MarkItUp does look pretty decent. I've never used it myself, though.
(2012-07-20, 06:48 PM)Charlie Hadden Wrote: [ -> ]Yeah, MarkItUp does look pretty decent. I've never used it myself, though.
So which ones have you used? And which do you find the best for the jobs you have done?
I can't remember exactly which ones I've used, they were mostly lightweight though. I know for a fact that I've used TinyMCE, Wyzz (which is really quite nice), and NicEdit. And of course the one that I wrote, although that was very minimal since it was designed for a very specific purpose
(2012-07-20, 06:55 PM)Charlie Hadden Wrote: [ -> ]I can't remember exactly which ones I've used, they were mostly lightweight though. I know for a fact that I've used TinyMCE, Wyzz (which is really quite nice), and NicEdit. And of course the one that I wrote, although that was very minimal since it was designed for a very specific purpose
Ah ok i'll look into them