PHPBB3-10418 - WYSIWYG Editor/Rich Text Editor

Discuss requests for comments/changes posted in the Issue Tracker for the development of phpBB. Current releases are 3.2/Rhea and 3.3/Proteus.
KaileyT
Community Team
Posts: 35
Joined: Mon Sep 01, 2014 10:54 pm

Re: WYSIWYG Editor/Rich Text Editor

Post by KaileyT »

Before I get all hormonal below, I'd like to point out that I don't have a problem with a WYSIWYG, Rich Text Editor, or whatever we are calling it this week - as long as there is an option to turn it off for those that don't want to use it.
exx8 wrote:There are far more dangerous features, including those which have been introduced in 3.1
Sling bullshit much? Please enlighten us as to what "dangerous features" were introduced in 3.1. I only see improvements.
exx8 wrote:Let's make a poll. Nobody except of the developers, will pick BBcode.
No need for a poll if you apparently already did one. Care to link to it? I didn't get a chance to vote for BBCode.
mrgtb
Registered User
Posts: 221
Joined: Wed Nov 28, 2007 10:09 pm

Re: WYSIWYG Editor/Rich Text Editor

Post by mrgtb »

I don't know why you just don't keep the same plain text editor and simply make things like the IMG and URL BBCode links use popup input boxes instead.

I've yet to see any WYSIWYG Editor that isn't buggy and suffers from issues with things across different browsers. There is also the problem with WYSIWYG Editors, that people cannot be bothered to switch them over to Plain text mode when pasting content from other external text editors like MS Word, etc., ending up with all sorts of strange formatting carried across from them into forum posts.

I think it would have been better and easier to keep the same plain text editor you have now and work on improving some of the BBCode functions using pop-up input boxes to make it more user-friendly.

If you end up using SCEditor and ripping out the current plain text editor, then hope an admin backend option is going to be included to use it as a WYSIWYG Editor, or used as just a Plain Text editor you as admin can set for everyone.
exx8
Posts: 13
Joined: Sat Aug 12, 2006 9:49 am

Re: WYSIWYG Editor/Rich Text Editor

Post by exx8 »

I'm trying to understand: would any of you use Word if you had to use coding to use it? I wouldn't.
kinerity wrote:Before I get all hormonal below, I'd like to point out that I don't have a problem with a WYSIWYG, Rich Text Editor, or whatever we are calling it this week - as long as there is an option to turn it off for those that don't want to use it.
exx8 wrote:There are far more dangerous features, including those which have been introduced in 3.1
1)Sling bullshit much? Please enlighten us as to what "dangerous features" were introduced in 3.1. I only see improvements.
exx8 wrote:Let's make a poll. Nobody except of the developers, will pick BBcode.
2)No need for a poll if you apparently already did one. Care to link to it? I didn't get a chance to vote for BBCode.
1)The notifications were proven as a great vulnerability for DDOS attacks. And yet, they were implemented.
2)I will open a new one soon. And you'll be able to vote.
-----------------------------------------------------------------------------------------------
mrgtb wrote:1)I don't know why you just don't keep the same plain text editor and simply make things like the IMG and URL BBCode links use popup input boxes instead.

2)I've yet to see any WYSIWYG Editor that isn't buggy and suffers from issues with things across different browsers. There is also the problem with WYSIWYG Editors, that people cannot be bothered to switch them over to Plain text mode when pasting content from other external text editors like MS Word, etc., ending up with all sorts of strange formatting carried across from them into forum posts.

3)I think it would have been better and easier to keep the same plain text editor you have now and work on improving some of the BBCode functions using pop-up input boxes to make it more user-friendly.

If you end up using SCEditor and ripping out the current plain text editor, then hope an admin backend option is going to be included to use it as a WYSIWYG Editor, or used as just a Plain Text editor you as admin can set for everyone.
1)It isn't enough. Why are you against the ability to read your text easily?
2)Users will be able to make their choice, though everybody uses Word-like programs, don't they?
3)No, it isn't enough. What you describe is still a poor UI that no non-programmer will ever want to use.
DavidIQ
Customisations Team Leader
Posts: 1867
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth

Re: WYSIWYG Editor/Rich Text Editor

Post by DavidIQ »

exx8 wrote:1)The notifications were proven as a great vulnerability for DDOS attacks. And yet, they were implemented.
Really? What vulnerability exactly?
exx8
Posts: 13
Joined: Sat Aug 12, 2006 9:49 am

Re: WYSIWYG Editor/Rich Text Editor

Post by exx8 »

DavidIQ wrote:
exx8 wrote:1)The notifications were proven as a great vulnerability for DDOS attacks. And yet, they were implemented.
Really? What vulnerability exactly?
Through specifically crafted requests with an XMLHttpRequest header it was possible to trigger an infinite loop in a phpBB routine which may end up consuming a large amount of resources on a server running phpBB 3.1.1.
https://www.phpbb.com/community/viewtop ... &t=2278081
DavidIQ
Customisations Team Leader
Posts: 1867
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth

Re: WYSIWYG Editor/Rich Text Editor

Post by DavidIQ »

That has nothing to do with notifications...it's actually related to a possible security issue with extensions.
exx8
Posts: 13
Joined: Sat Aug 12, 2006 9:49 am

Re: WYSIWYG Editor/Rich Text Editor

Post by exx8 »

DavidIQ wrote:That has nothing to do with notifications...it's actually related to a possible security issue with extensions.
Shall I bring the context?
Actually, is it relevant if it belongs to the notifications feature or the extensions feature?
DavidIQ
Customisations Team Leader
Posts: 1867
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth

Re: WYSIWYG Editor/Rich Text Editor

Post by DavidIQ »

exx8 wrote:Shall I bring the context?
Actually, is it relevant if it belongs to the notifications feature or the extensions feature?
Sure is relevant. One is part of the core (notifications) while the other one isn't (extensions) and even for the latter it was only a possible issue for a small fraction of extensions, not to mention the extension needed to be badly written. Nice try though.
exx8
Posts: 13
Joined: Sat Aug 12, 2006 9:49 am

Re: WYSIWYG Editor/Rich Text Editor

Post by exx8 »

DavidIQ wrote:
exx8 wrote:Shall I bring the context?
Actually, is it relevant if it belongs to the notifications feature or the extensions feature?
Sure is relevant. One is part of the core (notifications) while the other one isn't (extensions) and even for the latter it was only a possible issue for a small fraction of extensions, not to mention the extension needed to be badly written. Nice try though.
The writer meant that by sending a request to a phpBB file, you were able to begin an infinite loop. We can see that he doesn't mean extensions because, when he begins talking about extensions, he says it clearly:
Further, once you installed an extension,
By the way, you have yet to present any vulnerabilities that will risk the board's security. The only argument you presented is that XSS issues might need to be taken care of, though that is easy to solve, and actually, there is a PHP function that deals with this exact task.
No real risk of SQL injection or something that risks the database.
boilingstream
Registered User
Posts: 12
Joined: Thu Jan 03, 2013 10:46 pm

Re: WYSIWYG Editor/Rich Text Editor

Post by boilingstream »

Only as a reminder, that a genius solution already exists :roll:
viewtopic.php?f=108&t=35703&start=320#p275451