[development] WYSIWYG editors considered harmful for siteadmins (and in general, but that's a separate thread)

Larry Garfield larry at garfieldtech.com
Mon Mar 12 23:23:31 UTC 2007

On Mon, 12 Mar 2007 16:02:37 -0700, "Boris Mann" <boris at bryght.com> wrote:
> On 3/12/07, Greg Knaddison - GVS <Greg at growingventuresolutions.com> wrote:
>> I post this here because I want to
>> 1) get some collective ideas on brainstorming
>> 2) warn other users from using WYSIWYG editors on admin/ pages
>> 3) alert module maintainers that if your settings page has a textarea
>> input you should be aware of this as a possible cause of problems
> This was discussed briefly in #drupal.
> Basically, as a best practice, we should tell WYSIWYG modules to look
> at filter_form and/or check using JS to see if an input form selector
> is available, and only then replace with a rich text area.
> Hopefully chx and/or UnConeD can provide some more tips here. I'm sure
> that module devs for rich text would love some guidance on this.
> And yes, a "real" hook for D6 would be even better, although I get the
> sense many folks are against WYSIWYG in general, but I'd rather not
> get into a religious war....

The "WYSIWYG devs" were clamoring for a "yes, use a WYSIWYG here" flag on textareas for weeks in the issue queue.  The eventual message they received was "write a contrib that does it and all agree on it, and that will solve the problem."

If it's a security risk, though, then allowing such a flag in core (we already have the collapse flag for fieldsets and the expandy-grippie flag for textareas in core) would give WYSIWYG editors exactly what they're asking for and also give them no excuse for putting a WYSIWYG editor in a "bad" place.  Greg's got it right. :-)

--Larry Garfield

More information about the development mailing list