Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

7947 views

Page selection:
  • JKMakowka
  • JKMakowka's Avatar
  • Just call me Kris :)
  • Posts: 1044
  • Karma: 35
  • Likes received: 359

Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

Hans wrote: The SuSanA forum doesn’t have a WYSIWYG editor as the forum has no power and free developers for the open source project to develop or license and maintain a safe editor. So the forum sticks to a Bulletin Board Code editor fit for posting on a message board as the Forum has access options to write/edit for everybody.


There are good and free/open-source WYSIWYG editors like TinyMCE or CKEditor, however it seems like Kuena (the forum software used) is not able to use these easily. I came across this discussion where the developers explained the problems.
It seems however that there might be an official (commercial) WYSIWYG editor plugin for the latest version of Kuena end of 2014 or so; in other words, if and when this forum is updated it might be possible in the not too far future.

+++++++++
Edit by moderator in 2020: The forum now has a WYSIWYG editor, see here: forum.susana.org/148-your-suggestions-fo...-and-other-bug-fixes
You need to login to reply
The topic has been locked.
  • Hans
  • Hans's Avatar
  • Hi: working@Akvo contributing to bringing international development to life, online
  • Posts: 7
  • Karma: 2
  • Likes received: 3

Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

WYSIWYG-editor for SuSanA Wiki, but no WYSIWY-editor for the SuSanA forum: is that a contradiction?

In addition to the forum thread on using WYSIWY editing: the new WYSIWYG editor for the SuSanA Wiki represent very limited security risks for the SuSanA platform. When saving a page the normal MediaWiki renderer will render the page and filter out all syntax which contains not allowed HTML and JavaScript.

The most serious problem mentioned in the forum thread is spreading malware. But the source problem here is vulnerable web browsers, and the WYSIWYG editor would be a very minor contribution to the possibilities to exploit vulnerable web browsers. Keeping your browser up-to-date is important, but this have to be the responsibility of the end users or whoever administers the end users' computers. Regular users don't need to worry about the security level of the WYSIWYG editor. They should worry about keeping their browsers up-to-date.

The SuSanA forum doesn’t have a WYSIWYG editor as the forum has no power and free developers for the open source project to develop or license and maintain a safe editor. So the forum sticks to a Bulletin Board Code editor fit for posting on a message board as the Forum has access options to write/edit for everybody.
Hans Merton
Project manager Akvopedia @Akvo Foundation
website: akvo.org/
email: This email address is being protected from spambots. You need JavaScript enabled to view it.
skype: hans.merton
You need to login to reply
The topic has been locked.
  • JKMakowka
  • JKMakowka's Avatar
  • Just call me Kris :)
  • Posts: 1044
  • Karma: 35
  • Likes received: 359

Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

As far as I know the issue is mainly that when allowing full WYSIWYG editing (i.e. a HTML enabled input field) it is possible to abuse the system to embed hidden malware (something like a computer virus) that infects every one (with a vulnerable browser) that is looking at the manipulated post.

Most systems have a special security parser that only allows certain known to be safe parts of the HTML code to be saved when submitting, but such a system isn't perfect and using a non-HTML BBcode input system is considered the more fail-proof option.

Personally, I think it's less of a security problem than Steffen makes it sound, but it is certainly more maintenance effort to keep an external plugin with a HTML editor (TinyMCE or CKEditor etc.) up to date to minimize the vulnerability.

Edit: concerning your email argument, many people intentionally turn off HTML formatted emails or disallow embedding pictures etc. in their email viewer for similar reasons (and because they don't want to have their email viewing habits tracked).
The following user(s) like this post: Elisabeth
You need to login to reply
The topic has been locked.
  • F H Mughal
  • F H Mughal's Avatar
    Topic Author
  • Senior Water and Sanitation Engineer
  • Posts: 1026
  • Karma: 20
  • Likes received: 227

Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

Dear Elisabeth,

Please forgive me if I may sound childish, but with all due respect to Steffen, please tell us all what risk is involved in the email, I just sent you, on your personal email address. In the email, some words are in bold and some in italics.

Regards,

F H Mughal
F H Mughal (Mr.)
Karachi, Pakistan
You need to login to reply
The topic has been locked.
  • Elisabeth
  • Elisabeth's Avatar
  • Moderator
  • Freelance consultant since 2012 (former roles: program manager at GIZ and SuSanA secretariat, lecturer, process engineer for wastewater treatment plants)
  • Posts: 3372
  • Karma: 54
  • Likes received: 931

Re: Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

Dear Mughal,

Thanks for your question. I have passed it on to our chief IT programmer behind the forum, Steffen Eisser, and here is his answer (what you are asking for is aked in IT jaron called a "what you see is what you get" editor, abbreviated to WYSIWYG):

+++++++++++

Hi Elisabeth,

This is not a technical problem, but this is a security must for an "open" forum where everybody can register and write. Even if it is possible that you replace the editor by another one like Joomla uses, it means that it uses HTML that the user can see this live on the website WYSIWYG.

Giving HTML possibility to every user is a high risk. That's why a lot of open forums still uses bbcode editors instead of HTML ones. To support and develope such editors without risks or security holes would not be affordable by free and open source projects like Kunena. As far as I can see the newest version of Kunena (we are using here an older version of Kunena) has not implemented such an editor either.

Hope it helps
Steffen

++++++++++

I didn't understand his message 100% but I gather it would pose too many security risks in terms of hackers or spammers.

Please don't hesitate to ask if you have follow-on questions for Steffen.

I am just wondering: Is such type of editor really so important? I am not sure if the little bit of additional convenience would be worth increased security risks or a major programming effort?

Greetings,
Elisabeth
Dr. Elisabeth von Muench
Freelance consultant on environmental and climate projects
Located in Ulm, Germany
This email address is being protected from spambots. You need JavaScript enabled to view it.
My Wikipedia user profile: en.wikipedia.org/wiki/User:EMsmile
LinkedIn: www.linkedin.com/in/elisabethvonmuench/
You need to login to reply
The topic has been locked.
  • F H Mughal
  • F H Mughal's Avatar
    Topic Author
  • Senior Water and Sanitation Engineer
  • Posts: 1026
  • Karma: 20
  • Likes received: 227

Could we have a forum post editor that is a "what you see is what you get" (WYSIWYG)?

Secretariat:

I remember, back in 1990 (24 years back), when use of computers first started in Pakistan, in the Word program, we used to have programs like WordStar and WordPerfect.
In these programs, if you want to, say, have a sentence in bold, then, at the start and end of a sentence, we used to press Ctrl and B.

In this forum, almost same pattern is reflected. If you want to have a sentence in bold, then all those things, like , come up. Yes, they go away when you hit the submit button.

My contention is: why not have a system, as we have in MSWord now - just press B and you get to see the word in bold, rather those brackets.

If we are not having a system here that is 24 years old, then, could we have a writing format, just like we have in MSWord system.

F H Mughal
F H Mughal (Mr.)
Karachi, Pakistan
The following user(s) like this post: canaday, christoph
You need to login to reply
The topic has been locked.
Page selection:
Share this thread:
Recently active users. Who else has been active?
Time to create page: 0.059 seconds
Powered by Kunena Forum