Hi Dan,

Well, I'm not sure if that would help. These tools would definitely make it easier for legitimate users to enter things that would need HTML markup (like unordered lists or links) but they wouldn't really help with malicious users, would they? Couldn't a malicious user still just enter whatever harmful markup they wanted? I don't normally see WYSIWYG editors on blog comment forms. Usually, I just see a textarea and a submit button. I'm curious how they prevent XSS. Do you know?

Thanks,
Ken

On Oct 31, 2:29 pm, "Dan Simpson" <[EMAIL PROTECTED]> wrote:
> What about a WYSIWYG? That's how wordpress handles it.
>
> FCKEditor and TinyMCE are two popular Javascript based WYSIWYG editors.
>
> --Dan
>
> On Fri, Oct 31, 2008 at 2:21 PM, Ryan Felton <[EMAIL PROTECTED]> wrote:
> > Assuming you're not using wordpress as your blogging engine:
> > http://wordpress.org/extend/plugins/wp-syntax/screenshots/
> > I'd say check out the library http://code.google.com/p/syntaxhighlighter/ .
>
> > I've used the white list plugin
> > http://svn.techno-weenie.net/projects/plugins/white_list/ and added
> > table, th, tr, and td tags to it.
>
> > Ryan
>
> > On Oct 31, 2008, at 4:07 PM, Ken Hudson wrote:
>
> > Hi All,
> > I'm working on a new application that will need a blog. The basics for
> > creating a blog are well documented all over the web and are pretty easy and
> > straightforward. However, most of what you find is very simplistic - blog
> > entries and comments just consisting of simple text, for example. In my
> > application, I will need to allow blog posts to have at least some HTML
> > markup (e.g., links, unordered lists, and in particular images). The same
> > goes for blog comments. Does anyone have any suggestions on how to go about
> > doing this? RedCloth would appear to be one alternative but my users aren't
> > going to know Textile and there's no way I can expect them to learn it. I
> > need to balance my requirements with a healthy concern for cross site
> > scripting (XSS) and I'm unsure how to proceed. I'm very curious how sites
> > like http://www.rubyinside.com accomplish this. I would greatly
> > appreciate any advice!
>
> > Thanks, Ken

--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
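The allow-list idea raised in the thread, as an added example that is not part of the original messages and is not the white_list plugin's code: a server-side filter that escapes everything submitted and re-emits only listed tags, whatever editor or textarea the form uses. The names `sanitize_html`, `rebuild_attrs`, `ALLOWED` and `SAFE_URL`, and the tag list apart from the table tags, are assumptions made for illustration.

```ruby
require "cgi"

# Allow-list (default deny): tag => attributes kept on it. The table tags
# mirror the ones added in the thread; the rest of the list is an assumption.
ALLOWED = {
  "a" => %w[href], "img" => %w[src alt],
  "p" => [], "br" => [], "em" => [], "strong" => [],
  "ul" => [], "ol" => [], "li" => [],
  "table" => [], "tr" => [], "th" => [], "td" => []
}.freeze
URL_ATTRS = %w[href src].freeze
# URL values must start with an allowed scheme or a single leading slash.
SAFE_URL = %r{\A(?:https?://|mailto:|/(?![/\\]))}i
TAG  = /<(\/?)([a-z][a-z0-9]*)((?:\s[^<>]*)?)\/?>/i
ATTR = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/i

# Rebuild the attribute string from scratch: only allowed names, only
# quoted values, URL attributes checked, every value re-escaped.
def rebuild_attrs(raw, allowed)
  raw.scan(ATTR).map do |name, dq, sq|
    name = name.downcase
    value = dq || sq
    next unless allowed.include?(name)
    next if URL_ATTRS.include?(name) && value !~ SAFE_URL
    %( #{name}="#{CGI.escapeHTML(value)}")
  end.compact.join
end

# Escape all text, then re-emit only the tags on the allow-list.
def sanitize_html(input)
  src = input.to_s
  out = +""
  pos = 0
  src.scan(TAG) do
    m = Regexp.last_match
    out << CGI.escapeHTML(src[pos...m.begin(0)])   # text before the tag
    pos = m.end(0)
    name = m[2].downcase
    allowed = ALLOWED[name]
    if allowed.nil?
      out << CGI.escapeHTML(m[0])                  # unlisted tag shown as text
    elsif m[1] == "/"
      out << "</#{name}>"
    else
      out << "<#{name}#{rebuild_attrs(m[3], allowed)}>"
    end
  end
  out << CGI.escapeHTML(src[pos..])                # trailing text
end
```

This sketch does not balance unclosed tags, and it treats entities typed by the user as literal text, so `&amp;` in a comment is displayed as `&amp;`.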
