[development] WYSIWYG editors considered harmful for site admins (and in general, but that's a separate thread)

Greg Knaddison - GVS Greg at GrowingVentureSolutions.com
Mon Mar 12 22:46:03 UTC 2007


Hi,

A while ago I got this bug report for pathauto:

http://drupal.org/node/121276

I tried and tried but couldn't reproduce the thing.  As you can read
from the issue it was quite confusing.  That was frustrating.

Then today someone figured out that their WYSIWYG editor was inserting
an   into the textarea.  That was the cause of the bug.

Chx suggested we handle this in the following manner:
   Can't we have a warning on he WYSIWYG editor project pages that if
   "you use this module, you are not entitled to support on core, any other
    module and also, security is your problem now, not ours?"

Thoughts on other solutions?

I'm thinking about going through all the WYSIWYG editors and adding a
critical issue that they disable themselves on all textareas in the
admin/* url-space.

I post this here because I want to

1) get some collective ideas on brainstorming
2) warn other users from using WYSIWYG editors on admin/ pages
3) alert module maintainers that if your settings page has a textarea
input you should be aware of this as a possible cause of problems

Regards,
Greg


More information about the development mailing list