[development] WYSIWYG editors considered harmful for site admins (and in general, but that's a separate thread)
victorkane at gmail.com
Tue Mar 13 13:52:53 UTC 2007
Excellent comments, that is the right approach.
On 3/13/07, Joakim Stai <joakimstai at gmail.com> wrote:
> I think some developers need to lay their personal issues with WYSIWYG
> editors aside and acknowledge that it is wanted and needed by many end
> users of Drupal. It's something so important for so many users (also
> potential ones) that it should be something easy to implement and safe
> to use.
> I see the issues many developers have with these editors. But instead
> of writing it off as the devil's work, we should promote the safest
> possible use of these editors, particularly in the handbook and on the
> project pages of the editor modules.
> As for the <font> tag from hell, I tend to remove its toolbar controls
> from TinyMCE and instead give my customers the Styles dropdown
> containing classes of the website's CSS (or a separate CSS file). As a
> bonus, this makes for much cleaner code and easier to read texts. I
> don't give them the "Edit HTML code" button either. I'm also looking
> into HTML Purifier which with its whitelist stops XSS and creates
> standards compliant code.
> >From the HTML Purifier website:
> "Even the most dogmatic purist, however, should recognize that for all
> its faults, prospective clients really want rich text editors. There
> are steps you can take to mitigate the associated drawbacks of these
> editors." -> http://hp.jpsband.org/comparison.html
> Drupal module here (beta):
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the development