Excellent comments, that is the right approach.<br><br><div><span class="gmail_quote">On 3/13/07, <b class="gmail_sendername">Joakim Stai</b> <<a href="mailto:joakimstai@gmail.com">joakimstai@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I think some developers need to lay their personal issues with WYSIWYG<br>editors aside and acknowledge that it is wanted and needed by many end
<br>users of Drupal. It's something so important for so many users (also<br>potential ones) that it should be something easy to implement and safe<br>to use.<br><br>I see the issues many developers have with these editors. But instead
<br>of writing it off as the devil's work, we should promote the safest<br>possible use of these editors, particularly in the handbook and on the<br>project pages of the editor modules.<br><br>As for the <font> tag from hell, I tend to remove its toolbar controls
<br>from TinyMCE and instead give my customers the Styles dropdown<br>containing classes of the website's CSS (or a separate CSS file). As a<br>bonus, this makes for much cleaner code and easier to read texts. I<br>don't give them the "Edit HTML code" button either. I'm also looking
<br>into HTML Purifier which with its whitelist stops XSS and creates<br>standards compliant code.<br><br>>From the HTML Purifier website:<br>"Even the most dogmatic purist, however, should recognize that for all<br>
its faults, prospective clients really want rich text editors. There<br>are steps you can take to mitigate the associated drawbacks of these<br>editors." -> <a href="http://hp.jpsband.org/comparison.html">http://hp.jpsband.org/comparison.html
</a><br><br>Drupal module here (beta):<br><a href="http://bart.motd.be/projects/html-purifier-drupal-module">http://bart.motd.be/projects/html-purifier-drupal-module</a><br></blockquote></div><br>