I'm really looking for a reply to this. Surely someone must be using GWT's RichTextArea.

On Mar 31, 1:36 pm, nogridbag <[email protected]> wrote:
> I just converted one of our simple TextAreas into a RichTextArea
> (using the RichTextToolbar from the Showcase). I'm not quite sure I
> understand the best practices for using RichTextArea with SafeHtml.
>
> GWT's RichTextArea.java has the methods:
>
> void setHTML(SafeHtml)
> String getHTML()
>
> Let's say I'm writing an app which lets the user:
>
> 1) Create new posts
> 2) Edit posts
> 3) Display posts
> -----
>
> 1) Create new posts
>
> a) First, they create a post by typing in the RichTextArea using the
> various formatting buttons available in the toolbar.
>
> b) This post needs to be persisted somewhere (a database or
> whatever). Is it necessary to "sanitize" the user input at this
> point????? I assume it's not necessary. So we simply call
> RichTextArea.getHTML() and persist this raw string containing
> <span>'s, <b>'s etc.
>
> 2) Edit posts
> To edit the posts, we take the raw HTML the user previously entered
> that was persisted somewhere, and call
> RichTextArea.setHTML(SafeHtml). Right? The problem is we cannot
> generate SafeHtml that does not escape even the basic HTML outputted
> previously from the RichTextArea. For instance, RichTextArea
> generates <span>'s for most of the content. SafeHtmlUtils and
> SimpleHtmlSanitizer will escape this tag. I'm assuming using
> RichTextArea.setHTML(String) is a bad practice, so I'm looking for the
> proper way to do this.
>
> 3) Display posts
> Displaying posts is similar to editing them, but with the added
> problem that unless they're displayed in an iframe (or another
> RichTextArea), the post will look different than what the user
> inputted (since it inherits styles from the rest of the page).
>
> Can someone explain the best practices for using RichTextArea? I'm
> not really knowledgeable in this area. I'm starting to think that web
> applications actually do not store HTML at all for posts/discussions.
> They'll use some other markup like bbcode, markdown, Wikipedia style,
> etc. If that's the case, why do all the rich text widgets (CKEditor,
> tinymce, GXT RTE, GWT RichTextArea) output HTML instead of some other
> "safe" format?
>
> ... like RichTextArea.setRichText(RichText text) and
> RichTextArea.getRichText()...
>
> Hopefully someone can help explain this to me.
>
> Thanks!
