PEAK XOOPS - FCKeditor on d3forum in englishin japanese

FCKeditor on d3forum

  • You cannot open a new topic into this forum
  • Guests cannot post into this forum
Previous post - Next post | Parent - Children.1 .2 .3 .4 | Posted on 2007/8/25 8:28
kentauls  上等兵   Posts: 29
Hi, Mr. GIJOE,

I am grateful to you for giving us the opportunity to work with XOOPS. Your excellent modules always make us surprise and happy, and help us in huge ways.

I want to use FCKeditor on d3forum and have been searching the solution. But I am unable to do that.

I am really appreciating it if you can give me advice to solve my issue.

Thanks.
Votes:1 Average:10.00
Previous post - Next post | Parent - No child | Posted on 2007/8/25 13:11
kentauls  上等兵   Posts: 29
I've found the following comments in this website related to the FCKeditor on d3forum

http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=400
Quote:
Of course, d3forum cannot use FCKEditor.
Because this is a forum module can be posted from anonymous users including malicious one.
Though pico is a content module can be posted from trusted users only.

I understand the risk on giving a permission of use of HTML code. But functions of FCKeditor shall help the discussion on the forum, especially scientific discussion with using the Greek characters, superscripts, subscripts etc etc...

I'm planning to use this FCKeditor function for the selected members.

Then just in case we can control the permission of use of HTML code for each person, we can sustain the safety of our web site, can't it?
Votes:0 Average:0.00
Previous post - Next post | Parent - Children.1 | Posted on 2007/8/25 19:03
OneOfTen  伍長   Posts: 75
Yeah, it would be good to be able to activate the fck-editor at least for internal forums. But I don't understand the problem with fck-editor, because you are able to activate html for the whole module from admin cp. And I am using d3forum in a small community of about 50 users and the main use here is to coordinate our projects and it would be really cool (for those who aren't that skilled in html) to be able to use the fck.
Votes:2 Average:5.00
Previous post - Next post | Parent - No child | Posted on 2007/8/28 5:29
GIJOE  先任軍曹   Posts: 4110
Still I'm negative about HTML based WYSIWYG Editor for anonymous.
XSS or ScriptInsertion is not so slight vulnerability.

If I have enought time, I want to implement this
http://xoops.peak.ne.jp/md/d3forum/index.php?post_id=9482

BBCode based WYSIWYG Editor should be the fanal answer.
Votes:1 Average:10.00
Previous post - Next post | Parent - Children.1 | Posted on 2007/8/29 5:35
kentauls  上等兵   Posts: 29
Hi, GIJOE

Thank you very much for your comments.
I read the forum you linked and understand the situation right now about HTML based WYSIWYG editor.
At the same time, I well understand that you think about the possibility of the web based WYSIWYG editor for anonymous use and are trying to find out the way to solve this issue.

I would like to have your opinion on the potential of "HTML filter" such as "HTML Purifier" (http://htmlpurifier.org/) as a alternative candidate of BBcode. I’ve found it will remove the risks of XSS attacks.

Thanks
Votes:1 Average:10.00
Previous post - Next post | Parent - No child | Posted on 2007/8/29 5:59 | Last modified
GIJOE  先任軍曹   Posts: 4110
hi kentauls.

Thank you for good suggestion!

I will check HTML purifier.
(Of course, I shall test all kinds of attacks )

I'm planning it is included as Protector's plugin if it is safe enough.

And I will modify d3forum can use "FCKeditor on XOOPS".
Votes:0 Average:0.00
Previous post - Next post | Parent - No child | Posted on 2007/9/11 23:18
kentauls  上等兵   Posts: 29
Hi, GIJOE

I'm very glad to hear from you and be able to assist you in some way.
I could see this forum, but could not reply you for a while.

We are still looking forward to seeing "FCKeditor on d3forum".

Thanks
Votes:0 Average:0.00

  Advanced search


Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!