Hello everyone! I am trying to figure out which WYSIWYG editor to go with. There are many different options available out there, and so far I am very impressed with InnovaStudio's WYSIWYG editor: http://www.innovastudio.com/editor.asp Although, after previewing the demo (www.innovastudio.com/demo_online/editor2/default.php), it seems to act a little weird in a few places. The price is set around 69.99 I believe, and it also has content management as part of it (images, media etc). Try the demo out and let me know what you think of it. There are a few nitpicky things I was kind of getting annoyed with, but maybe it was because I am tired... let me know what you think of it anyway... Also, what, if any, WYSIWYG editors would be recommended (from experience on the webmaster side)? I believe the one that this vBulletin software uses is HTMLarea, but I may be incorrect. HTMLarea seems like a pretty nice piece of software as well. Let me know... Drew
First of all, is this for ASP or PHP? I use TinyMCE, which is pretty secure and works well. I try to stay away from them and only have it in my admin area because they can have security holes. Dan
PHP, of course. What type of security holes are you talking about? What else can be done to the textarea, save for the information that can already be posted through it?
Essentially, because it posts HTML, it offers an SQL injection possibility. If you look at some of the ones like HTMLarea, they often have security issues. You will also find that a lot of CMSs have issues because of their editors. I only allow posting in my forums and comments to news, so I don't often need an editor. You kind of have to weigh up whether it is something you need and will be highly useful, or just a nice-to-have! I know a lot of them require almost daily updates, which is something I am never prepared to do.
Ah, the old injection bit... eh... Thank you for bringing this up to me, I never thought of it this way. Although there is always the option of having it format with the HTML, converting the HTML to BBCode (removing any HTML whatsoever), then doing the query. However, shouldn't mysql_real_escape_string take care of any of these issues?
Well, this definitely makes a lot of sense of why vBulletin has two columns for each post: the original HTML and the BB-versioned one.
Some of them, yes. But there are other issues. I am by no stretch of the imagination a security expert, so someone else may be able to explain it a little better though.
OK. I have done some research on the security issues within these editors, and what it looks like I am going to do is actually create a file from the editor. It will be completely separate from the SQL. See, the problem is I need the users to be able to submit HTML (specific tags), and this includes formatting (divs, CSS etc). I have already created a function to do this, and everything seems pretty safe. Of course the error checking and whatnot is done as well with the file. While the title of the document is still held in the database, the content is a pure TXT file.
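An added example, not code from any poster in this thread: the two separate controls the discussion above circles around for editor-submitted HTML in PHP, a tag and attribute allowlist applied to the markup and a bound-parameter insert for storage. The allowlist contents, the `pages` table and the in-memory SQLite database (standing in for MySQL, and requiring the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example, not code from the thread. ALLOWED_TAGS is an assumed policy.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'strong' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'div' => ['class'], 'a' => ['href'],
];

function clean_node(DOMNode $node): void {
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue;                                // text is escaped on output
        }
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || !array_key_exists($tag, ALLOWED_TAGS)) {
            $node->removeChild($child);              // comments, <script>, unknown tags
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED_TAGS[$tag], true);
            if ($ok && $attr->nodeName === 'href') { // links: http(s) and mailto only
                $ok = preg_match('#^(https?://|mailto:)#i', $attr->value) === 1;
            }
            if (!$ok) {
                $child->removeAttributeNode($attr);  // onclick, style, javascript: ...
            }
        }
        clean_node($child);
    }
}

function sanitize_html(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                // malformed markup is expected
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<body>' . $html . '</body>');
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed input: markup an editor could post, plus a quote-breaking tail.
$posted = '<div class="box" onclick="x()">Hi <script>alert(1)</script>'
        . '<a href="javascript:alert(2)">it\'s</a></div>\'); DROP TABLE pages;--';
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE pages (title TEXT, body TEXT)');
$pdo->prepare('INSERT INTO pages (title, body) VALUES (?, ?)')
    ->execute(['Demo', sanitize_html($posted)]);
echo $pdo->query('SELECT body FROM pages')->fetchColumn(), "\n";
```

The sanitized markup still contains a single quote, so the insert relies on parameter binding rather than on the HTML filter; the filter in turn handles the script and event-handler content that SQL escaping never looks at.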
I would also advise using TinyMCE... it's really lightweight and the developers have done a good job with it, plus it has got active modders supporting it.
Please, if you must use a WYSIWYG, at least learn how to read code enough that you can fix any problems in the coding they output.
That may be a bit harsh. They are designed for novices to use their system rather than advanced coders. I don't use them, and I taught my admins and mods not to use them, but still I know some like them, and like any code you need to put your faith in the developers.
I use the Xinha editor at my site; it is probably one of the better editors out there. You can see it in action at the demo of my article script: http://demo.articletrader.com/submit/ The benefit of this editor over others is that it is licensed under a BSD-style license, not GPL like most others. This means you can sell or add other scripts that use the plugin.
Yeah, fear not on this one. That was the whole intention of the WYSIWYG editor: for the novice users of the site. I have currently installed/implemented TinyMCE and, aside from some very strange bugs, it seems to work very well. The cleanup routines are outstanding, and the code layout that comes out is pretty damn clean! Trust me on this one; this has nothing to do with my knowledge of PHP/HTML; I assure you my skills are profound in this area. It is for the novice ones.
I've used http://www.kevinroth.com/rte/ not because of features (don't see a need to allow tables or the like for my applications, and I convert all the HTML into BB-style codes anyhow) but because it had a "public domain" license... I see it's changed to a creative commons attribution now, but that's still fairly permissive.
I also suggest TinyMCE. I think it's very good and VERY customizable; it also has a good support forum... regards