[development] WYSIWYG editors considered harmful for site admins (and in general, but that's a separate thread)

Joakim Stai joakimstai at gmail.com
Tue Mar 13 12:51:45 UTC 2007


I think some developers need to lay their personal issues with WYSIWYG
editors aside and acknowledge that it is wanted and needed by many end
users of Drupal. It's something so important for so many users (also
potential ones) that it should be something easy to implement and safe
to use.

I see the issues many developers have with these editors. But instead
of writing it off as the devil's work, we should promote the safest
possible use of these editors, particularly in the handbook and on the
project pages of the editor modules.

As for the <font> tag from hell, I tend to remove its toolbar controls
from TinyMCE and instead give my customers the Styles dropdown
containing classes of the website's CSS (or a separate CSS file). As a
bonus, this makes for much cleaner code and easier to read texts. I
don't give them the "Edit HTML code" button either. I'm also looking
into HTML Purifier which with its whitelist stops XSS and creates
standards compliant code.

>From the HTML Purifier website:
"Even the most dogmatic purist, however, should recognize that for all
its faults, prospective clients really want rich text editors. There
are steps you can take to mitigate the associated drawbacks of these
editors." -> http://hp.jpsband.org/comparison.html

Drupal module here (beta):
http://bart.motd.be/projects/html-purifier-drupal-module


More information about the development mailing list