RE: [WebDNA] OT: FCKeditor

This WebDNA talk-list message is from

2008

It keeps the original formatting. numero = 100572
interpreted = N
texte = I have used many of the wysiwyg editors. I like tinymce the best, especiallythe spell check integration with google spell. One thing to worry about isthese editors add characters between tags that when viewed across operatingsystem shows up as boxes (usually don't show up on your machine but anothersystem may interpret the soft return as a box character). I solved this bychanging default settings to not pad soft returns between tags.However please note that you are exposing your site to Cross site scripting!See http://en.wikipedia.org/wiki/Cross-site_scripting. You will have toclean what your user's input. Using these tools to clean the data is notsecure. Super easy to bypass. Also, if you are allowing folks to enter datathen display the data with [interpret][/interpret] they can enter webdna andgo to town on your server.One library I started working with (not done yet) ishttp://htmlpurifier.org/. Essentially, I'll have to pass the data to a PHPscript, have it cleaned, then passed back to webdna for final processing.Best, Olin-----Original Message-----From: Tana Adams [mailto:tana@volleyhut.com] Sent: Thursday, August 21, 2008 10:08 AMTo: talk@webdna.usSubject: RE: [WebDNA] OT: FCKeditorThanks Steve and Tom -- I appreciate your input. I may contact you offlineif that's ok.Tana-----Original Message-----From: Steve Craig [mailto:steve@asylumweb.com] Sent: Thursday, August 21, 2008 10:15 AMTo: talk@webdna.usSubject: Re: [WebDNA] OT: FCKeditorI use it all the time, no problems at all, newest version is very good - no popups anymore. No security issues I'm aware of but I disabled there upload facility and use my own webdna based one instead.If I can help with code I will.Cheers========================================Steve Craig - Asylum Interactive LtdTel +44 1330 860550 Fax +44 1330 860880========================================http://www.asylumweb.comEmail: steve@asylumweb.comSkype: s.craig - iChat: steve.craig========================================On 21 Aug 2008, at 18:05, Tana Adams wrote:> Hi,>> I was wondering if anyone else has used FCKeditor? I'm assuming it > needs to> be installed at the root on the server. I was wondering if anyone > has had> any security issues with it? We're looking into it as an option to > allow a> few clients to change their own text on their sites.>> Thanks,>> Tana>> No virus found in this outgoing message.> Checked by AVG.> Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: > 8/21/2008> 6:04 AM>>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: ---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: No virus found in this incoming message.Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: 8/21/20086:04 AM No virus found in this outgoing message.Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: 8/21/20086:04 AM ---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to:  Associated Messages, from the most recent to the oldest:

Re: [WebDNA] OT: FCKeditor (Donovan Brooke 2008) RE: [WebDNA] OT: FCKeditor ("Olin Lagon" 2008) RE: [WebDNA] OT: FCKeditor ("Tana Adams" 2008) Re: [WebDNA] OT: FCKeditor (Bob Minor 2008) Re: [WebDNA] OT: FCKeditor ("Tom Duke" 2008) Re: [WebDNA] OT: FCKeditor (Steve Craig 2008)

I have used many of the wysiwyg editors. I like tinymce the best, especiallythe spell check integration with google spell. One thing to worry about isthese editors add characters between tags that when viewed across operatingsystem shows up as boxes (usually don't show up on your machine but anothersystem may interpret the soft return as a box character). I solved this bychanging default settings to not pad soft returns between tags.However please note that you are exposing your site to Cross site scripting!See http://en.wikipedia.org/wiki/Cross-site_scripting. You will have toclean what your user's input. Using these tools to clean the data is notsecure. Super easy to bypass. Also, if you are allowing folks to enter datathen display the data with [interpret][/interpret] they can enter webdna andgo to town on your server.One library I started working with (not done yet) ishttp://htmlpurifier.org/. Essentially, I'll have to pass the data to a PHPscript, have it cleaned, then passed back to webdna for final processing.Best, Olin-----Original Message-----From: Tana Adams [mailto:tana@volleyhut.com] Sent: Thursday, August 21, 2008 10:08 AMTo: talk@webdna.usSubject: RE: [WebDNA] OT: FCKeditorThanks Steve and Tom -- I appreciate your input. I may contact you offlineif that's ok.Tana-----Original Message-----From: Steve Craig [mailto:steve@asylumweb.com] Sent: Thursday, August 21, 2008 10:15 AMTo: talk@webdna.usSubject: Re: [WebDNA] OT: FCKeditorI use it all the time, no problems at all, newest version is very good - no popups anymore. No security issues I'm aware of but I disabled there upload facility and use my own webdna based one instead.If I can help with code I will.Cheers========================================Steve Craig - Asylum Interactive LtdTel +44 1330 860550 Fax +44 1330 860880========================================http://www.asylumweb.comEmail: steve@asylumweb.comSkype: s.craig - iChat: steve.craig========================================On 21 Aug 2008, at 18:05, Tana Adams wrote:> Hi,>> I was wondering if anyone else has used FCKeditor? I'm assuming it > needs to> be installed at the root on the server. I was wondering if anyone > has had> any security issues with it? We're looking into it as an option to > allow a> few clients to change their own text on their sites.>> Thanks,>> Tana>> No virus found in this outgoing message.> Checked by AVG.> Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: > 8/21/2008> 6:04 AM>>> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: ---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: No virus found in this incoming message.Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: 8/21/20086:04 AM No virus found in this outgoing message.Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.6/1625 - Release Date: 8/21/20086:04 AM ---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to:  "Olin Lagon"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

RE: Problems with dbcatalog.exe (1997) For those of you not on the WebCatalog Beta... (1997) Moment of Thanks (1997) Secure Sever and showcart errors (1997) [WebDNA] Rewrite url before redirect (2012) RE: How to verify email address (1997) [TCPConnect] questions/problems (2001) lookups (2000) Hiding usernames and passwords in URL (1998) RE: Can a database get stomped by simultaneous access? (1997) Blasted shownext (request for 4.0) (1998) Sorting error (1997) Replto in [SendMail] (2000) can pull down menu do a ONCHANGE= without Java script? (2000) best way to get 2 unique strings on the same page load? (2000) Quit revisited (1997) emailer (1997) help with duplicate records posted (1998) Include a big block of text (1997) bug in listwords? (1998)