HTML parsing vs BBCODE

what advantages vs risks in using html parsing in Cotonti?

donP	#24005 2010-04-07 19:51
Members	I was tempted by using HTML parsing instead of BBCODE in Cotonti to switch to a WYSIWYG editor like CKeditor or TinyMCE, more usable from beginners webbers. The advantages are not only facility for beginners, but very best interface (mostly in filling links and images attributes for regulare W3C markup rules), most control in page layout for web administrators (tables, divs, spans etc). Other advantage is less database consumption (no need to have page_text and page_html tables). But I'm aftraid of security related issues... How much Cotonti system is sucured from malicious HTML contents inserted by potential hackers if HTML parsing enabled instead of BBCODE parsing? Added 1 day later: No opinions here? Added 15 minutes later: An what about http://htmlpurifier.org for security issues? Some CMS/CMF are using that library... in [color=#729FCF][b]BLUES[/b][/color] I trust
This post was edited by donP (2010-04-09 15:48, 14 years ago)

donP

#24005 2010-04-07 19:51

I was tempted by using HTML parsing instead of BBCODE in Cotonti to switch to a WYSIWYG editor like CKeditor or TinyMCE, more usable from beginners webbers.
The advantages are not only facility for beginners, but very best interface (mostly in filling links and images attributes for regulare W3C markup rules), most control in page layout for web administrators (tables, divs, spans etc).
Other advantage is less database consumption (no need to have page_text and page_html tables).
But I'm aftraid of security related issues...
How much Cotonti system is sucured from malicious HTML contents inserted by potential hackers if HTML parsing enabled instead of BBCODE parsing?

Added 1 day later:

No opinions here?

Added 15 minutes later:

An what about http://htmlpurifier.org for security issues?
Some CMS/CMF are using that library...

in [color=#729FCF][b]BLUES[/b][/color] I trust

This post was edited by donP (2010-04-09 15:48, 14 years ago)