Pádraig Brady wrote:
> Niall Kelly wrote:
>
>> Hi all,
>>
>> Has anybody embedded a JS rich text editor into their Django projects?
>> Preferably something that uses a markup language supported by the markup
>> template filters. I'm looking at WMD[1] at the moment and while it looks
>> really nice it doesn't seem to have much in the way of
>> documentation/support.
>>
>> Thanks,
>> Niall
>>
>> [1] http://wmd-editor.com/
>>
>
> Have a look at https://launchpad.net/timiki which
> Tim Kersten did for Lincor this summer.
> He used a tweaked fckeditor which works well for us,
> but I think he mentioned that he may use something else in future?
> That editor allows you to edit visually or using HTML source.
> Using other markup is silly IMHO.
>
> Pádraig.
>

Thanks for all the suggestions, they are extremely helpful.

On a related note, a lot of the suggestions would involve sending/storing the content as HTML rather than an intermediary markup language. I would have thought that you would want to avoid this since it reduces your options for sanitizing the content before displaying it. With something like textile you could run the escape filter before the textile filter and be reasonably sure that you aren't going to get <script> tags being sent to the template. If you are using an editor that gives you HTML you are relying on it for all the escaping; you can't escape yourself since you would then lose the formatting. What worries me about this is that you would have to be very sure that your input is actually coming from the editor and not just someone sending in their own crafted POST request.

Is this a valid concern or am I just being paranoid?

Thanks,
Niall

You received this message because you are subscribed to the Google Groups "Python Ireland" group.
For more options, visit this group at http://groups.google.ie/group/pythonireland?hl=en
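An added example to illustrate the two approaches Niall contrasts above; this is not code from the thread, from Django, or from any of the editors mentioned. It shows (1) the "escape first, then apply markup" route, using a hypothetical one-rule mini-markup in place of textile so the script runs offline, and (2) the route a server must take when it accepts HTML from a rich text editor: an allowlist sanitizer on the server side, applied to whatever arrives in the POST body, so it does not matter whether the editor or a hand-crafted request produced it. The sample inputs (`CRAFTED_POST`, the `*hi*` string) are constructed; `ALLOWED_TAGS`, `ALLOWED_ATTRS` and `SAFE_URL_SCHEMES` are assumed policy values.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy: a small allowlist of formatting tags and attributes.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "a", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
# Tags whose *content* is dropped too, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style"}


def escape_then_markup(text):
    """Route 1: escape first, then convert a hypothetical mini-markup.

    Stands in for "escape filter, then textile filter": because escaping
    happens before any HTML is generated, a literal <script> in the input can
    only ever reach the template as &lt;script&gt; text.
    """
    escaped = escape(text, quote=False)
    # Hypothetical one-rule markup: *word* -> <strong>word</strong>
    return re.sub(r"\*(.+?)\*", r"<strong>\1</strong>", escaped)


class AllowlistSanitizer(HTMLParser):
    """Route 2: rebuild the fragment keeping only allowlisted tags/attributes.

    Everything not on the allowlist is dropped; text content is re-escaped on
    output, so the result is well-formed HTML built from the policy only.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._dropping = None  # name of the script/style tag we are inside

    def handle_starttag(self, tag, attrs):
        if self._dropping:
            return
        if tag in DROP_WITH_CONTENT:
            self._dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped, its text content is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, onmouseover=, style=, ...
            if name == "href" and not (value or "").lower().startswith(SAFE_URL_SCHEMES):
                continue  # drops javascript: and other non-allowlisted schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self._dropping:
            if tag == self._dropping:
                self._dropping = None
            return
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._dropping:
            return  # script/style bodies never reach the output
        self.out.append(escape(data, quote=False))

    # Comments are ignored by HTMLParser's default handle_comment.


def sanitize_html(fragment):
    """Sanitize an HTML fragment regardless of which client produced it."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed sample: what a hand-crafted POST body might carry, bypassing
# whatever the editor would have produced.
CRAFTED_POST = (
    '<p onclick="steal()">Hello <b>world</b></p>'
    '<script>alert(1)</script>'
    '<a href="javascript:alert(1)">x</a>'
    '<a href="https://example.com">ok</a>'
)

if __name__ == "__main__":
    print(escape_then_markup("*hi* <script>alert(1)</script>"))
    print(sanitize_html(CRAFTED_POST))
```

The point for the thread: with route 1 the sanitization is a property of the pipeline and needs no trust in the client; with route 2 the server-side sanitizer is what provides that guarantee, and the editor is only a convenience for producing input that the sanitizer will pass through unchanged.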
