Hi, Mr. GIJOE,
I am grateful to you for giving us the opportunity to work with XOOPS. Your excellent modules always make us surprised and happy, and help us in huge ways.
I want to use FCKeditor on d3forum and have been searching for a solution. But I am unable to do that.
I would really appreciate it if you could give me advice to solve my issue.
I've found the following comments on this website related to FCKeditor on d3forum: http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=400
Of course, d3forum cannot use FCKEditor.
Because this is a forum module that can be posted to by anonymous users, including malicious ones.
Though pico is a content module that can be posted to by trusted users only.
I understand the risk of giving permission to use HTML code. But the functions of FCKeditor would help discussion on the forum, especially scientific discussion using Greek characters, superscripts, subscripts etc etc...
I'm planning to use this FCKeditor function for selected members.
Then, if we can control the permission to use HTML code for each person, we can sustain the safety of our web site, can't we?
Yeah, it would be good to be able to activate the fck-editor at least for internal forums. But I don't understand the problem with fck-editor, because you are able to activate html for the whole module from admin cp. And I am using d3forum in a small community of about 50 users and the main use here is to coordinate our projects and it would be really cool (for those who aren't that skilled in html) to be able to use the fck.
Still, I'm negative about an HTML-based WYSIWYG editor for anonymous users.
XSS or Script Insertion is not such a slight vulnerability.
If I have enough time, I want to implement this: http://xoops.peak.ne.jp/md/d3forum/index.php?post_id=9482
A BBCode-based WYSIWYG editor should be the final answer.
Thank you very much for your comments.
I read the forum you linked and understand the situation right now about HTML based WYSIWYG editor.
At the same time, I well understand that you think about the possibility of the web based WYSIWYG editor for anonymous use and are trying to find out the way to solve this issue.
I would like to have your opinion on the potential of an "HTML filter" such as "HTML Purifier" (http://htmlpurifier.org/) as an alternative candidate to BBCode. I've found it will remove the risks of XSS attacks.
Thank you for the good suggestion!
I will check HTML Purifier.
(Of course, I shall test all kinds of attacks.)
I'm planning to include it as a Protector plugin if it is safe enough.
And I will modify d3forum so that it can use "FCKeditor on XOOPS".
I'm very glad to hear from you and be able to assist you in some way.
I could see this forum, but could not reply to you for a while.
We are still looking forward to seeing "FCKeditor on d3forum".