| author | ymh <ymh.work@gmail.com> |
| Fri, 08 Sep 2017 12:04:06 +0200 | |
| changeset 541 | e756a8c72c3d |
| permissions | -rw-r--r-- |
|
541
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
1 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
2 |
WYSIWYG - What You See Is What You Get |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
3 |
HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
4 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
5 |
Javascript-based WYSIWYG editors, simply stated, are quite amazing. But I've |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
6 |
always been wary about using them due to security issues: they handle the |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
7 |
client-side magic, but once you've been served a piping hot load of unfiltered |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
8 |
HTML, what should be done then? In some situations, you can serve it uncleaned, |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
9 |
since you only offer these facilities to trusted(?) authors. |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
10 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
11 |
Unfortunantely, for blog comments and anonymous input, BBCode, Textile and |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
12 |
other markup languages still reign supreme. Put simply: filtering HTML is |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
13 |
hard work, and these WYSIWYG authors don't offer anything to alleviate that |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
14 |
trouble. Therein lies the solution: |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
15 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
16 |
HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors. |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
17 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
18 |
Enough said. |
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
19 |
|
|
e756a8c72c3d
integrate drupal and correct build process. update version
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
20 |
vim: et sw=4 sts=4 |