Welcome to Geeklog, Anonymous Monday, December 09 2024 @ 03:22 pm EST
Geeklog Forums
Is kses really a good idea with FCKeditor??
monoclast
For instance, I have a table in a story, and I want the top row of the table to be column headers. I want these column headers to have a black background with white text.
To control table cell background colors, FCKeditor uses the <td bgcolor> element and attribute. So I log in as Admin, and go to Configuration > Miscellaneous > HTML Filtering, view the Admin HTML list, and add td > bgcolor. That works. Yey!
Now, to control font color within the table cell, FCKeditor uses the <span style> element and attribute. So I log in as Admin, and go to Configuration > Miscellaneous > HTML Filtering, view the Admin HTML list, and add span > style. But even though I have done this, Geeklog strips the content of the style attibute away!
Geeklog strips this:
...down to this:
Which results in black text on a black background! Grrr!
So is there a way to prevent this?
I have to ask (and I mean no disrespect - it's just frustrating as hell to me):
Why offer the FCKeditor if you only turn around and cripple the living crap out of it??
Why do you not let me decide who I will trust to create articles on my site? I don't want to have to give out my root password to people just so they can use the editor to its full potential.
Sorry for the tone, but I've been wasting lots of time running into issue after issue like this with FCKeditor and kses, and it's quite frustrating!
-mono
Dirk
I can understand your frustration from an Admin's point of view, though. That's why there's the "Skip HTML Filter for Root?" option ...
Inline CSS isn't going to work with kses. That's a bug / limitation of kses. For missing tags and attributes, maybe someone could write an "import" script that makes it easier to get a working set of HTML tags and attributes into the configuration?
bye, Dirk
monoclast
As far as content coming from your users is concerned, it's really in your own best interest that these things are filtered ...
I can understand your frustration from an Admin's point of view, though. That's why there's the "Skip HTML Filter for Root?" option ...
Inline CSS isn't going to work with kses. That's a bug / limitation of kses. For missing tags and attributes, maybe someone could write an "import" script that makes it easier to get a working set of HTML tags and attributes into the configuration?
bye, Dirk
To me, this is a fundamental flaw in logic.
On the one hand, you take the position that it's in my own best interests that content from ALL users – even users I happen to deem safe – is filtered. Yet on the other hand, you are providing access to the FCKeditor to *all* users when it is enabled! Either you want Geeklog users to enjoy FCKeditor, or not - you can't have it both ways. If you try to have it both ways, you end up with this very frustrating scenario where something that could be excellent is crippled / broken instead. At best, you're setting up FCKeditor for failure with this logic, which is, like it or not, a bad user experience for Geeklog users and administrators.
What you seem to be telling me is my only recourse is to:
a. Give all story admins access to the root account so that they can use FCKeditor the way it is designed to be used. I refuse to do this. Why have the story admin group at all then?
-or-
b. Disable FCKeditor completely, since there is no way to get it working correctly for all story editors.
I'd hate to do that, because the alternative Plain Text and HTML editors pretty much suck.
Neither is an acceptable answer to this problem, to me. I don't see the point in offering FCKeditor to your users if half of its features are, in effect, hopelessly broken.
Please reconsider your position on this. This is not good for the Geeklog community as it stands. You might as well remove FCKeditor completely, IMO. It's a bad user experience.
-mono
happy
try glfusion instead www.glfusion.org
they forked from geeklog a while back and i'm setting up all my new sites with it. its very nice
cheers!
1000ideen
Find: SEC_inGroup( 'Root' )) and replace with SEC_inGroup( 'Story Admin' ))
Now all HTML is being skipped for story admins rather than root. That`s good when you have a limited number of story admins you can trust.
monoclast
No problem, you can hack this in lib-common.php line 2966
Find: SEC_inGroup( 'Root' )) and replace with SEC_inGroup( 'Story Admin' ))
Now all HTML is being skipped for story admins rather than root. That`s good when you have a limited number of story admins you can trust.
Mine happened to be in a different place, probably because I've got different modifications:
3008 // problem: <http://www.geeklog.net/forum/viewtopic.php?showtopic=86652>
3009 if( isset( $_CONF['skip_html_filter_for_root'] ) &&
3010 ( $_CONF['skip_html_filter_for_root'] == 1 ) &&
3011 SEC_inGroup( 'Story Admin' )) // SEC_inGroup( 'Root' ))
3012 {
3013 return $str;
3014 }
Anyhow, I just checked and it does appear to work! So I thank you!!
Now I would love to see a configuration option for this sort of thing in Geeklog at some point in the future, so I don't have to make this hack every time I upgrade. Should I file a bug report on it, or what?
-mono
1000ideen
This is very helpful if there is a limited user group as it is typical on a homepage where the owner is not root. This is the case with all my friends for whom I set up a geeklog.
jmucchiello
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content