[consulting] Wysiwyg Frustrations: My Approach, What is Yours

Joe Hyde joeghyde at gmail.com
Sun Jul 3 21:00:11 UTC 2011 

Shai--

I am guilty of making CKEditor work on Full HTML, but add the additional
step of only allowing CKEditor FULL HTML fields to be used by an
administrator-ish (or, restricted) role. The audience gets a textarea with
no editor.

to add to your list of concerns is that I'd like to know what folks are
doing for inline images in D7. I just set up a client with the
CKEditor/CKFinder combo. But I wonder if there is better way to get
integration with the D7 Media module?

Joe
http://www.sanangelolive.com/

On Sun, Jul 3, 2011 at 11:28 AM, Shai Gluskin <shai at content2zero.com> wrote:

> Folks,
>
> Why this post to this list? I have plenty of issues and help requests out
> in various places... I thought this list would be the best place to share my
> overall process and problems and hopefully hear yours.
>
> I use the Wysiwyg Api module <http://drupal.org/project/wysiwyg> because
> it is the most "Drupally" and seems to make the most sense in the long run.
> It already has wide acceptance being installed on 130K sites.
>
> My clients require a full featured WYSIWYG like CKeditor or TinyMCE.
>
> The easiest set up is simply to assign a wysiwyg profile and use Drupal's
> "Full HTML" "Input format" (D6)/"Text format" (D7).
>
> That approach is *unacceptable* for the following reasons:
>
>
>    1. It's not secure
>    2. Content creators/editors can easily destroy the site design
>
> Using Drupal core's "HTML Filter" is equally unacceptable because it *doesn't
> allow html attributes to be added*, which is necessary for the chosen
> wysiwyg to deliver functionality.
>
> The solution is to use one of the following three modules:
>
>    1. wysiwyg_filter <http://drupal.org/project/wysiwyg_filter> (D7
>    version currently at http://drupal.org/sandbox/axel.rutz/1105784 until
>    module takeover process is completed)
>    2. htmlpurifier <http://drupal.org/project/htmlpurifier>
>    3. htmLawed <http://drupal.org/project/htmLawed>
>
> I'm using wysiwyg_filter. It's D6 version is stable and good. However the
> maintainer disappeared. @axel.rutz has done great work on D7; he has filed
> an issue to take over the project <http://drupal.org/node/1105850>. I'm
> assuming that will be successful.
>
> *Teaser break plug-in broken in wysiwyg module*.
>
> This issue has been open since, July, 2009 <http://drupal.org/node/510552>,
> kind of scary. I somewhat overstated the issue in my bolding above, which is
> why, possibly, this issue hasn't been solved yet, in addition to the
> significant technical challenges. What happens with the teaser break plug-in
> turned on is that self-closing tags like <br> and <img> are closed like ">"
> and not the XHTML way, "/>". For folks not using wysiwyg_filter,
> htmlpurifier or htmLawed, the upshot is code that doesn't validate for
> XHTML, not a huge deal (depending on your personality [?]). However, for
> anyone using one of those html filter modules, any improperly closed
> self-closing tag gets stripped away, making a fix absolutely imperative.
> There is a working patch at: http://drupal.org/node/510552#comment-3879096.
> Note that patch only solves the problem for the latest version of CKeditor
> and not TinyMCE. The maintainers of wysiwyg have not committed the patch
> because they are trying to address the problem in a better way. But in the
> meantime, new Drupal users who may have a hard time finding that patch are
> going to be quite frustrated.
>
> To sum up so far:
>
>
>    1. If you care about security and/or site design, an html filter is
>    key. It can't be the one that comes with Drupal.
>    2. I have found the patch to fix the teaser break problem in wysiwyg
>    and I've switched from TinyMCE to CKeditor because the patch works with the
>    latter only.
>
> *However: getting the Wysiwyg to actually be: "what you see is what you
> get" (or anything close to it), I have found impossible.*
> *
> *
> Because Drupal's "input filters" are actually "output" filters  the end
> user will see in the editor formatting that will be stripped by the html
> filter when the page is rendered. This is a huge usability issue. Careful
> selection of "buttons and plug-ins" in the editor configuration as well as
> current "Paste to Word" plug-ins for CKEditor and TinyMCE go a bit of the
> way in addressing these issues. But there are still many ways in which code
> that will be filtered can get into your editing box and display formatting
> to the user that will be filtered when the page is displayed.
>
> *I've looked for a CKEditor plug-in that would essentially do what
> wysiwyg_filter does on the output for the editor on the input. I have not
> found one. Have you?*
>
> *My guess is that most of the 130K users of the wysiwyg module get
> frustrated and simply take their chances with "Full HTML" and try to solve
> both security and site design problems via educating the client (re site
> design) and good site monitoring and backup (to, sort of, address security
> issues).*
>
> Am I missing something?
>
> I really want to hear from you on what you do.
>
> Thanks,
>
> Shai
>
>
>
>
> _______________________________________________
> consulting mailing list
> consulting at drupal.org
> http://lists.drupal.org/mailman/listinfo/consulting
>
>


-- 
Joe Hyde
Interactive Advertising
http://www.hydeinteractive.com
(214) 893-6791
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/consulting/attachments/20110703/a70ae47e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 96 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/consulting/attachments/20110703/a70ae47e/attachment.gif

More information about the consulting mailing list