Look at this: http://www.aidanf.net/adding-a-rich-text-editor-to-your-rails-application

Hope this helps,
Dan

On Fri, Oct 31, 2008 at 2:45 PM, Dan Simpson <[EMAIL PROTECTED]> wrote:
> I think whitelist will help with that by sanitizing the input. So you will
> need to use a combination of tools here to provide the user with an easy way
> to add markup, and a server side way to untaint the input.
>
> --Dan
>
>
> On Fri, Oct 31, 2008 at 2:39 PM, Ken <[EMAIL PROTECTED]> wrote:
>
>> Hi Dan,
>>
>> Well, I'm not sure if that would help. These tools would definitely
>> make it easier for legitimate users to enter things that would need
>> HTML markup (like unordered lists or links) but they wouldn't really
>> help with malicious users would they? Couldn't a malicious user still
>> just enter whatever harmful markup they wanted? I don't normally see
>> wysiwyg editors on blog comment forms. Usually, I just see a textarea
>> and a submit button. I'm curious how they prevent XSS. Do you know?
>>
>> Thanks, Ken
>>
>>
>> On Oct 31, 2:29 pm, "Dan Simpson" <[EMAIL PROTECTED]> wrote:
>> > What about a WYSIWYG? That's how wordpress handles it.
>> >
>> > FCKEditor and TinyMCE are two popular Javascript based WYSIWYG editors.
>> >
>> > --Dan
>> >
>> > On Fri, Oct 31, 2008 at 2:21 PM, Ryan Felton <[EMAIL PROTECTED]> wrote:
>> > > Assuming you're not using wordpress as your blogging engine:
>> > > http://wordpress.org/extend/plugins/wp-syntax/screenshots/
>> > > I'd say check out the library http://code.google.com/p/syntaxhighlighter/ .
>> > >
>> > > I've used the white list plugin
>> > > http://svn.techno-weenie.net/projects/plugins/white_list/ and added
>> > > table, th, tr, and td tags to it.
>> > >
>> > > Ryan
>> > >
>> > > On Oct 31, 2008, at 4:07 PM, Ken Hudson wrote:
>> > >
>> > > Hi All,
>> > > I'm working on a new application that will need a blog. The basics for
>> > > creating a blog are well documented all over the web and are pretty easy and
>> > > straightforward. However, most of what you find is very simplistic - blog
>> > > entries and comments just consisting of simple text, for example. In my
>> > > application, I will need to allow blog posts to have at least some HTML
>> > > markup (e.g., links, unordered lists, and in particular images). The same
>> > > goes for blog comments. Does anyone have any suggestions on how to go about
>> > > doing this? RedCloth would appear to be one alternative but my users aren't
>> > > going to know Textile and there's no way I can expect them to learn it. I
>> > > need to balance my requirements with a healthy concern for cross site
>> > > scripting (XSS) and I'm unsure how to proceed. I'm very curious how sites
>> > > like http://www.rubyinside.com accomplish this. I would greatly
>> > > appreciate any advice!
>> > >
>> > > Thanks, Ken

--~--~---------~--~----~------------~-------~--~----~
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
-~----------~----~----~----~------~----~------~--~---
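The server-side half of Dan's suggestion (accept rich markup from a WYSIWYG editor, then untaint it with a tag allowlist before storing or rendering) as an added Ruby example; this is not the white_list plugin or any code from the thread, and the tag list, attribute list and URL-scheme check are assumptions chosen to cover the markup Ken asked for (links, lists, images) plus the table tags Ryan mentioned.

```ruby
require 'cgi'

# Assumed allowlist: the markup Ken asked for (links, lists, images) plus the
# table tags Ryan added to white_list. Any tag not listed here is stripped.
ALLOWED_TAGS  = %w[a p br b i em strong ul ol li img table th tr td].freeze
ALLOWED_ATTRS = { 'a' => %w[href title], 'img' => %w[src alt] }.freeze
# href/src must be http(s), mailto, or a relative URL; javascript: and data: fail.
SAFE_URL = %r{\A(?:https?:|mailto:|/|#)}i

# Keep only allowlisted attributes whose values pass the URL check, re-escaped.
def clean_attrs(tag, raw_attrs)
  allowed = ALLOWED_ATTRS.fetch(tag, [])
  pairs = raw_attrs.scan(/([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/)
  pairs.map do |name, dq, sq, bare|
    name  = name.downcase
    value = CGI.unescapeHTML(dq || sq || bare || '')
    next unless allowed.include?(name)
    next if %w[href src].include?(name) && value.strip !~ SAFE_URL
    format(' %s="%s"', name, CGI.escapeHTML(value))
  end.compact.join
end

# Tokenize into tags and text. Allowed tags are re-emitted with cleaned
# attributes, disallowed tags are dropped, and everything else (text, stray
# '<', comments) is HTML-escaped so it can never be interpreted as markup.
def sanitize_html(input)
  input.gsub(/<\/?([a-zA-Z0-9]+)([^>]*)>|([^<]+)|</) do |whole|
    tag, attrs, text = $1, $2, $3
    if tag
      tag = tag.downcase
      next '' unless ALLOWED_TAGS.include?(tag)
      whole.start_with?('</') ? "</#{tag}>" : "<#{tag}#{clean_attrs(tag, attrs)}>"
    else
      CGI.escapeHTML(CGI.unescapeHTML(text || whole))
    end
  end
end

if __FILE__ == $0
  # Constructed sample comment: harmless markup mixed with markup that must go.
  comment = '<p>Nice post!</p><script>alert(1)</script>' \
            '<a href="javascript:alert(1)" onclick="x()">link</a>' \
            '<img src="/uploads/cat.png" alt="cat" onerror="x()">'
  puts sanitize_html(comment)
end
```

Anything the tokenizer cannot read as an allowed tag comes out as escaped text, so a parse failure degrades to plain text rather than to live markup. For a real Rails app, a maintained sanitizer such as the white_list plugin Ryan links or Rails' own sanitize helper is the thing to use; this block only shows the allowlist idea.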
