Is it safe to use only HTML editor instead of Textarea? - tinymce

I am thinking of converting my forum input textarea exclusively to TinyMCE HTML editor. I already have both options but it is a pain maintaining both and inserting images in textarea needs preview etc...
This is more of a general question. Do you think it is safe to include HTML editor (with all the safety measures like paste only text, filter for html not allowed etc...) as the only kind of editor on a forum? It's 2011 and machines are generally fast, connection are better.
What are the downsides of using HTMl editor instead of text field? I can not imagine a blog CMS to have "normal" textarea for input.
But for some reason on forums I do not see many html editors... Even the TinyMCE site has a textarea for their editor. So is there really something to watch out for and a no go...?
I know it is more of a phylosophical question, but I guess you have experience with forums, blogs, etc...
My site is about cooking and beeing able to insert pictures (and upload them) the easy way seems to be a big plus for our home cooks ;-)

If you don't consider security (you'll need to filter the HTML input on the server side so it won't contain anything dangerous), there's only the user experience left for consideration. On a forum you write text most of the time. There's seldom any use for more functionality than bold, italics and images. The solution used here on Stack Overflow addresses this by having a very limited set of functions, and applying it in the textarea with a sane markup language.
Other forums either use old software or didn't think the improved user experience was worth the effort. The textarea-only solution fits most forums well enough since most of the input is text-only anyway.
I do think you would benefit from HTML input. Make sure that only allowed HTML can be sent though, since the user can circumvent everything on the client side.

TinyMCE uses Javascript to add functionality to an existing textarea. If Javascript is disabled, then the user will be presented with a normal textarea anyway.
I would say it's relatively safe, as long as all input from the user is validated on the server before it's used for anything.

Related

WYSIWYG javascript editor with page support

I'm looking for an WYSIWYG editor with page support (similar to word).
Extensibility would also be nice.
Can be a commercial solution as well.
Edit: Sorry about the ambiguation. By page support, I need an editor that will show me the pages as they would look like when the document that's edited will be printed out. I need page separation.
All solutions I found so far (ckEditor, tinyMCE) all do a great job at letting the user edit HTML, but they don't support this page separation.
Edit 2: This is something close to what I need, the problem is they are doing heavy server side processing, and have a really poor client side API: https://demos.devexpress.com/ASPxRichEditDemos/EditingFeatures/TextWithImages.aspx

Clients want to copy/paste from word processors; rich text editors will make it a mess. How do we solve this?

After years of experience with custom made CMS systems, I come to this conclusion:
Clients really want to copy and paste information from word processors into their website CMS. They don't like to create large texts in a website box, and prefer to do so from their good old word processor. Or they simply have their text already prepared for other purposes, and therefore want to copy and paste.
Clients do not like to lose their format. They've spent time on their boldface text, headings, etc, and they do not like to do this all over again.
Rich Text Format fields (TinyMCE, CKEditor, etc) are not yet able to properly convert all formatted text into the right HTML. I do not blame them; this has to be very difficult given the odd 'source code' that word processors put in the clipboard. But reading all SO topics about richttext related issues, I feel this is a known limitation.
What do you do in such cases? I've tried the following:
Explain the client beforehand that this is not a word processor we are implementing, and it has limitations. They can understand, but still want to copy and paste.
Only show very few buttons for formatting (bold, italic, links). That way, we can strip the tags and clean this up quite well, and this limits issues. Works better, but clients keep asking for font options, more colors, headers, etc.
So not a really good solution in sight. Are there others who have tackled this issue successfully?
One solution (and probably the best I've come up with) is to post-process the pasted content. So, catch the publish event and correct all the crappy HTML -- catch all the "mso-normal" styles, for instance, and remove them. You'd have a set of rules which clean stuff coming out of, say, MS Word.
Though, this is not just a word processing problem. You're pasting from one rich text editor to another, and styles just don't transfer between rich editing environments. This is not so much a technical problem as it is a logical problems.
Update: Someone pointed me to this: Copy-Pasting Word to your Web CMS. No real solutions, but just confirmation that it's a sticky problem.
I totally agree with you:
Last week I did a very interesting test with a customer for which I had to prepare some demo's of .NET based CMS systems (Umbraco, Sitefinity, DNN, Composite C1 ect). The customer himself had a Drupal based site and I was ashamed none of my CMS demo's did a 100% job with a complicated Word table (Ceteris paribus: I did not do some CMS fine-tuning, used every CMS out of the box). The worst part was his Drupal CMS did a 100% good job! It was exactly the same as it was in Word. For a client working a lot with Word my CMS-ses were a showstopper. Of course there are a lot of discussions on the web about 'you should not copy from Word' or 'do NOT use Word for CMS things'. Fact is: clients work with Word so we should deal with it.

How to put the Amazon Kindle Web Browser into Article Mode

How do you put the Amazon Kindle web browser into Article Mode via HTML or Javascript?
Editor's note: Some pages are not automatically detected as "articles" by the Kindle 3 browser, and give an error message when trying to go into Article mode. What does the Article mode use to determine what portion of the page to display?
Is this related at all to Readability?
http://lifehacker.com/5163401/readability-bookmarklet-quick+formats-pages-for-smoother-text
Actual JavaScript code for Readability, which is heuristic based:
// Study all the paragraphs and find the chunk that has the most <p>'s and keep it:
This also appears to be related to Safari 5's Reader mode. Here is what is required for Safari Reader:
This definitely needs more investigating, but so far, these appear to be the most important factors for Safari’s Reader functionality to kick in:
Use the right markup, i.e. make sure the most important content is wrapped inside a container element. Whether you use <article>, <div> or even <span> doesn’t seem to matter — as long as it’s not <p>.
The content needs to be long enough. Use enough words, use enough paragraphs, use enough punctuation. Every paragraph should have at least 100 characters.
Reader doesn’t work for local documents.
http://www.wired.com/gadgetlab/2010/09/simple-tip-turns-kindle-into-ultimate-news-reader/ - The "f" key feature outlined above or some other feature? Not quite sure what article mode means.
It means that the browser will try to identify if the page you are looking at has a main body of text (is an article), parse it out and then display only that text without clutter and for easy scrolling.
I don't think you can force it via the web page's code
As far as I know, once the website has loaded (and if you are on an specific topic) you can turn on the "Article Mode" from the menu.
I've seen similar JS tools for Chrome too, so I assume it's part of webkit.

Suggestions for a very easy to edit CMS?

I need advice/suggestions.
At my place of work - we have a large data set.
We would like to server the data up as editable html pages.
(Its mostly lists of simple text)
We would like to add data, change it's order, update text etc...from the editable pages.
It has to have a pretty low bar for usability and WYSIWYG is a must.
The folks who will edit are not programmers by a long shot.
We are not sure Wiki will work.
It might have to do - but not sure.
Changes have to be tracked and written back into the DB
I am thinking some kind of open source CMS might work?
Wordpress, Joomla, Drupal - something that can get us up and running pretty quickly.
I really am open to suggestions - not sure where to begin on this one.
Thanks all
If you don't have someone available right now with expertise with a specific CMS, it will not be quick to set up at all. One good reason is that you'd have to import all of your existing data into whatever form the CMS supports: this is a task for someone who has done it before. On the other hand, if you can pull that off, some of the built in WYSIWYG editors are quite easy to use, with some systems you get versioning and author information for free etc. I'm speaking mostly with the eZ Publish CMS in mind, although it's probably true for other systems.
I would make a simple CMS site that uses the Ajax control toolkit HTML Editor and perform updates to the database on postback.
Here is the link to the Editor example
http://www.asp.net/ajax/ajaxcontroltoolkit/Samples/HTMLEditor/HTMLEditor.aspx
CMS Made Simple (http://www.cmsmadesimple.org) is very easy to set up and use. You do need to understand xhtml and javascript for the theme whacking, but once it's set up it has been trouble free. See my http://www.ConvinceProject.com as an example. It is MUCH easier to use than Drupal and appears to be more stable. I've had Drupal crash when installing security updates to modules, for example. It gives you full access to the header metatags, has fully integrated php and smarty tags, seems quite complete.
AFA importing, this is all mysql-based, although it can use others. If you have a web-whacking coder, pages can be 'scraped' and stuffed if it's more than cut and paste will do.
Lots of us can do it, it's not hard.
If I understand you correctly, it seems like you just need a web-based GUI for editing your DB. Honestly it would probably be faster to just roll your own in the language most familiar to you. There are many fine WYSIWYG editors out there that you can wrap around a text field, such as http://ckeditor.com/.
On the the other hand if you're hoping to solve this problem with DB skills and not do any web dev it may indeed be easier to find a simple CMS. ModX and SimpleCMS comes to mind. Joomla, Drupal and WP all come with so many out of the box features you'd have to strip out - look for something that starts fairly simple. Drupal in the right hands could do this, it has tools for importing/exporting to external DBs but the learning curve is pretty steep. Be aware that some CMSes do strange things with entry data...you may have to look for a text field inside a stored array (Drupal) instead of stored as a straight text field.

TinyMCE writes terrible HTML!

I've currently got TinyMCE incorporated into the backend editor of a simple blogging/page-editing app, but I'm extremely unhappy with the HTML code it creates. It does all sorts of messy things like:
Adding inline style information to span tags that you can't ever find to get rid of without editing the HTML directly.
Nesting tags in nonsense ways (e.g. <p><strong><p><span>some text</span></p><strong></p> just to make something bold.)
Adding empty <p> </p> lines where they don't belong and I'm not trying to create blank lines.
EDIT: I've looked at lists of the other editors out there (including on SO), but I want to know if people firsthand have had better luck getting clean code out of their wysiwyg editors.
Any recommendations for one that outputs better code behind the scenes?
How about a rather drastic alternative, and using a WYMIWYG (What You Mean is What You Get) editor rather that another WYSIWYG editor. That way the author is in full control of the schematic markup as well as the content he/she is entering.
Unfortunately I haven't found one that is as feature rich and usable as tinyMCE, but it seems to have come a long way - see http://www.wymeditor.org/demo/
Use HTML purifier before saving the content into the database.
HTML Purifier
I found JoomlaFCK to be a very good alternative to Tiny MCE.
Hope you like it.
bye
BTW I know it is an old thread but someone might use it. ;)