Are you ready to switch to HTML parsing permanently?

Poll: A global switch to HTML parsing

Are you ready?

donP	#24104 2010-04-14 20:18
Members	1. I voted for HTML. Transition IS painless: a simple script (using the actual BBcode parser, as Koradhil said) would take care of that. 2. I vote for CKeditor (Koradhil: it also has good table support like tinyMCE) 'cause we can find free plugins to manage files and images (vs tinyMCE that proposes commercial plugins for this work) and it's more complete in language localization (for example, there isn't a finished Italian localization in tinyMCE). 3. I'm also in the idea of having a unique parser everywhere: HTML, and no parsing at all for comments but simple text for comments. We can study well the integration and configuration of HTMLPurifier with distinguished config-files called for pages or for forum areas (I also think forums are the best place where hackers can try to make their jobs). In tinyMCE documentation wiki there are some methods to secure from XSS attack: for example, creating textareas with JavaScript itself, so nobody can disable Javascript in his own browser trying to bypass security restrictions in editor configuration. Read it here: http://wiki.moxiecode.com/index.php/TinyMCE:Security#DOM-Compliant_Method 4. I would add a PROS for HTML parsing vs BBcode: No more huge database (cause we'll never have to store page_text and page_html or fp_text and fp_html, but only a field containing the actual HTML content). in [color=#729FCF][b]BLUES[/b][/color] I trust

donP

#24104 2010-04-14 20:18

1. I voted for HTML. Transition IS painless: a simple script (using the actual BBcode parser, as Koradhil said) would take care of that.

2. I vote for CKeditor (Koradhil: it also has good table support like tinyMCE) 'cause we can find free plugins to manage files and images (vs tinyMCE that proposes commercial plugins for this work) and it's more complete in language localization (for example, there isn't a finished Italian localization in tinyMCE).

3. I'm also in the idea of having a unique parser everywhere: HTML, and no parsing at all for comments but simple text for comments.
We can study well the integration and configuration of HTMLPurifier with distinguished config-files called for pages or for forum areas (I also think forums are the best place where hackers can try to make their jobs).
In tinyMCE documentation wiki there are some methods to secure from XSS attack: for example, creating textareas with JavaScript itself, so nobody can disable Javascript in his own browser trying to bypass security restrictions in editor configuration.
Read it here:
http://wiki.moxiecode.com/index.php/TinyMCE:Security#DOM-Compliant_Method

4. I would add a PROS for HTML parsing vs BBcode: No more huge database (cause we'll never have to store page_text and page_html or fp_text and fp_html, but only a field containing the actual HTML content).

in [color=#729FCF][b]BLUES[/b][/color] I trust

Yes, if migration is automated	83.3%	65
No, never	1.3%	1
Please support multiple parsers, despite it is hard to maintain!	15.4%	12