[development] WYSIWYG editors
mark burdett
mfburdett at gmail.com
Tue Mar 13 00:28:38 UTC 2007
One thing that would help me is defining multiple default input formats.
So, untrusted users get the WYSIWYG editor with filtered HTML by default,
trusted users get the WYSIWYG editor with less filtered HTML by default.
And I would prefer that the trusted users not even have access to
multiple input formats, it just adds more clutter to the form..
--mark
On 3/12/07, Karoly Negyesi <karoly at negyesi.net> wrote:
> Hi,
>
> I would like to put a note on fckeditor and tinymce (and offspring) and
> any other WYSIWYG project pages minus WYMeditor:
>
> If you use this module, then please do not ask for support on any other
> module or core and please note that you might or might not face security
> problems.
>
> Reason:
>
> http://drupal.org/node/84797
> http://drupal.org/node/121276
>
> Regarding the latter, Greg agreed with me regarding the note above.
> Regarding security, those who use such a module, might be inclined to
> relax the tight security of filtered HTML to allow fancy features of the
> editor and there it goes. Indeed what you see is what you get even if it's
> XSS.
>
> Regards,
>
> NK
>
More information about the development
mailing list