[ABD] WYSIWYG Rich Text Editor for Post and Private Message

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Locked
javispedro
Registered User
Posts: 58
Joined: Thu Apr 22, 2004 7:34 pm

Post by javispedro » Mon Jun 06, 2005 2:02 pm

What are the security problems with letting the users enter pure HTML -- even without WYSIWYG editor?
( I'm currently using RTE editor for my phpBB setup )
CSS could destroy my board's theme? str_replace style=
javascript could do something bad to users? str_replace javascript: onclick onmouseover etc.
Buggy old firefox users can get redirected to some bad configuration screen? str_replace chrome:
*** IE users? activex:
In fact this is included in latest phpBB 2.0.15.

Dj NaSh
Registered User
Posts: 58
Joined: Thu Apr 01, 2004 6:57 pm
Location: Israel
Contact:

Post by Dj NaSh » Mon Jun 06, 2005 2:09 pm

Users can somehow enter an Iframe with ASP pages or anything else that can take control of your board.
Usually graphically, as in DIVs that place visuals on your screen.

I'm sure there are many more possibilities that hackers inject bad code via HTML to your forum.
Salsa in Israel!
--> www.LaMusica.co.il

User avatar
webmedic
Registered User
Posts: 323
Joined: Tue May 28, 2002 2:37 am
Contact:

Post by webmedic » Mon Jun 06, 2005 2:46 pm

1) please find a solution that is cross browser.
2) I don't understand what you are trying to state. I'm quite sure that phpbb does not include those exploits by default.
3) there are ways to plug the security holes using allot of regexes yes. But if this is done then it puts a much higher load on your server which means that as you user base grows you will require much more expensive servers to run such a thing.

You cant have any of this both ways and there are advantages and disadvantages both ways.

The best solution would be something that is

1) crossbrowser usable. IE only does not cut it and has not for years. Now that some site are seeing 25% mozilla use or more (mine is close to 45% were I have allot of users that are web developers or more web savy users) Having a solution that only supports one browser is simply not acceptable.
2) gets the info and takes out the html and turns it into bbcode to store it into the db. This way you have decent amount of security in the stored data and still allow for posting with html.

This will all take time and I dont know of anybody out there willing to pay for development for a real developer to do it. Everybody wants it for free and then complains that it does not work good enough. So you all have a solution and it really has nothing to do with others trying to keep it form you but rather with what is it worth to you. If you aren't willing to pay a dev to work on it or offer money for support on a product you wont see most devs working on something like this for free. Seeing as how others are charging money for mods like this for other boards.

Whats it really worth to you?

Dj NaSh
Registered User
Posts: 58
Joined: Thu Apr 01, 2004 6:57 pm
Location: Israel
Contact:

Post by Dj NaSh » Mon Jun 06, 2005 3:26 pm

The main issue here,
is that even if one should pay for a developper to work out the best solution possible,
problems would occur when starting to upgrade things in the board.
If the solution isn't made by the official staff of the phpBB team,
most chances are, it will have indiscrepencies with future releases from the team.
Salsa in Israel!
--> www.LaMusica.co.il

ace2ace
Registered User
Posts: 364
Joined: Sat Aug 14, 2004 3:48 pm

Post by ace2ace » Mon Jun 06, 2005 6:21 pm

It would be nice if the author could provide a way to select the default Editor in the Admin Panel.

Or at least provide info about how we can do it ourselves. Anyone investigating this? Since the author is not responding to any of these messages.

Thanks.

ace2ace
Registered User
Posts: 364
Joined: Sat Aug 14, 2004 3:48 pm

Re: My experience with this editor

Post by ace2ace » Mon Jun 06, 2005 6:25 pm

maxnorris wrote: First off, when it came to handling breaks (<br> and such), there are a few errors. (It wouldn't translate them correctly, resulting in rather odd looking formatting, plus words getting squished together, etc) I did manage to fix this tho, and got it working correctly. (If anyone really wants it I can point out the lines needing changed to work with phpBB correctly)


I am interested.
thanks.

ace2ace
Registered User
Posts: 364
Joined: Sat Aug 14, 2004 3:48 pm

Re: FCKEditor

Post by ace2ace » Mon Jun 06, 2005 6:30 pm

Aryos_ wrote: The best editor to use in phpbb is FCKEditor. It's cross-platform, fast and it even has smilies! The user can even remove the editor while posting. I'm using it at my mambo site in my phpbb 2.0.13 mod and everyone is happy wit it. You can get it here and it's free:

http://www.fckeditor.net/

All you have to do is modify your posting_body.tpl template to replace your texare and allow the appropriate HTML tags in posting through the phpbb administration panel.


Can you show where to make the modification?
Thanks.

Patrick Simmons
Registered User
Posts: 296
Joined: Fri May 13, 2005 12:38 pm
Contact:

Post by Patrick Simmons » Mon Jun 06, 2005 8:22 pm

Very nice mod. I have had nothing but compliments on the new addition.

denadai2
Registered User
Posts: 25
Joined: Sat Jan 15, 2005 9:51 pm

Post by denadai2 » Mon Jun 06, 2005 9:27 pm

i don't see anything..

Image

leecovuk
Registered User
Posts: 166
Joined: Mon Apr 11, 2005 2:11 pm

Post by leecovuk » Tue Jun 07, 2005 1:41 am

javispedro wrote: I'm currently using RTE editor for my phpBB setup

Javispedro,

Which Rich Text Editor are you using on your phpBB ? Is it working acceptably in at least IE and Firefox?
If so, could you please tell me all the details, including which phpBB version you are using along with any other mods.
I'd be very grateful.

I'm assuming you're not talking about Hoteditor because my best attempts at adding it to phpBB result in cross browser
incompatibilities including some font rendering and line break problems.
Even the hoteditor site's own phpBB install shows problems.

Thankyou.

denadai2
Registered User
Posts: 25
Joined: Sat Jan 15, 2005 9:51 pm

Post by denadai2 » Tue Jun 07, 2005 7:53 pm


abidjantalkcom
Registered User
Posts: 96
Joined: Sun May 22, 2005 2:02 am

Post by abidjantalkcom » Wed Jun 08, 2005 1:37 am

Thanks denadai2

dESiLVer
Registered User
Posts: 50
Joined: Wed May 04, 2005 9:26 pm
Location: Turkey
Contact:

Post by dESiLVer » Mon Aug 01, 2005 5:40 pm


coreissue
Registered User
Posts: 97
Joined: Tue Feb 24, 2004 8:27 pm
Contact:

Post by coreissue » Fri Aug 05, 2005 4:26 pm



Mine runs clean. No issues. 2.0.17 and modded, includeing CH 2.1.0.

coreissue
Registered User
Posts: 97
Joined: Tue Feb 24, 2004 8:27 pm
Contact:

Post by coreissue » Fri Aug 05, 2005 4:27 pm

Question on the load time. Will it load as slowly on phpBB?

Locked

Return to “[2.0.x] MODs in Development”