I am working on a site that will take comments from users. The comments should be formattable, like bold, italic, etc. Much like the way you can format your email when composing with Gmail and Yahoo.
I can write the code myself but I don’t want to re-invent the wheel. There must be a good, free, re-usable component that I can integrate. I found a few web-based WYSIWYG editors but all of them generate HTML code. E.g. if you write “Hello World” in bold, the code generated would be “<b>Hello World</b>”. Including HTML tags in input text is a bad idea since it exposes the site to cross-site scripting attacks. PHPBB-style tags like “[b]Hello World[/b]” would be much better.
So, does anyone know of such a free, pluggable WYSIWYG editor?
I don’t think WYSIWYG editors can be used for cross-site scripting attacks, as they do not accept any extra HTML codes other than the defined ones… for instance, if you write “<html>” it will generate “&lt;html&gt;”… or no?
Anyway, BBCodes are the same as HTML codes, just presented alternatively to the user for easy use. For example, if you write “**Hello World**” the data will go as “<b>Hello World</b>” to the database…
You will need to convert BB Code at the time of insertion or retrieval, which requires an extra array
The page just refreshed and this message is here: “This forum requires that you wait 30 seconds between posts. Please try again in 26 seconds.”
Anyway, I was saying that you will need to convert BB Code at the time of insertion or retrieval, which requires an extra array and also a few more lines of code. So to increase the efficiency I’d suggest that you should strip_tags (only allow tags that you need). It’s simpler and safe, trust me, people use it.
And the cool WYSIWYG of GS is in your hands; just use it after a little alteration. I hope Azkar bhai won’t mind it.
I’m writing on GS after a few months… seems like things haven’t changed much. Hi Kulfi Wala… seeing your nick, and feeling this intense heat, I feel like eating a khoya kulfi. One, please.
At least FCKeditor’s PHP script does not check the sanity of the input. It assumes that the code generated by the frontend JavaScript in the user’s browser will not be mangled by the user, which is a bad assumption. Everything checked at the user end should be checked at the server end too. But at least I can write this much code for validating the input.
BBCodes are more promising. Is there any WYSIWYG for BBCodes?
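
Added example, not part of any post in this thread and not code from FCKeditor or phpBB: one way to render a small BBCode allow-list on the server in PHP, escaping all user text so that HTML sent by a tampered client is displayed as text instead of being interpreted. The function name render_bbcode and the tag set (b, i, u) are assumptions.

```php
<?php
// Added example; render_bbcode() and the b/i/u tag set are assumptions.
function render_bbcode(string $input): string
{
    // Allow-list: BBCode tag name => HTML element emitted for it.
    $allowed = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    $names = implode('|', array_keys($allowed));

    // Split into text (even indexes) and allow-listed tags (odd indexes).
    $parts = preg_split('#(\[/?(?:' . $names . ')\])#i', $input, -1,
                        PREG_SPLIT_DELIM_CAPTURE);

    $escape = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $out = '';
    $open = [];   // stack of currently open BBCode tags
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // Plain text: every HTML metacharacter is escaped.
            $out .= $escape($part);
            continue;
        }
        $name = strtolower(trim($part, '[]/'));
        if ($part[1] !== '/') {
            $open[] = $name;
            $out .= '<' . $allowed[$name] . '>';
        } elseif ($open && end($open) === $name) {
            array_pop($open);
            $out .= '</' . $allowed[$name] . '>';
        } else {
            // Stray or mis-nested closing tag: show it as text.
            $out .= $escape($part);
        }
    }
    // Close anything the user left open so the page markup stays balanced.
    while ($open) {
        $out .= '</' . $allowed[array_pop($open)] . '>';
    }
    return nl2br($out);
}

// Constructed sample comment: valid BBCode, raw HTML, and an unclosed tag.
echo render_bbcode("[b]Hello World[/b] <script>alert(1)</script> [i]unclosed"), "\n";
```

Because the only markup that reaches the page is generated by the server from the allow-list, the result does not depend on what the browser-side editor sent.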