RE: FCKeditor Fusebox4.1

2005-08-26 Thread Andy McShane
Thanks Barney, that's what I was thinking along those lines so your comments
help enforce my argument with my 'he who cannot be wrong' manager!

-Original Message-
From: Barney Boisvert [mailto:[EMAIL PROTECTED] 
Sent: 25 August 2005 18:30
To: CF-Talk
Subject: Re: FCKeditor  Fusebox4.1

With an admin application, you necessarily have to trust the content
your users are adding.  How far you trust them depends on the app, but
in general, you have to assume they know what they're doing, and if
they enter malicious code, that's what they wanted.  I.e. it's policy
enforcement, not technical enforcement.

cheers,
barneyb

On 8/25/05, Andy McShane [EMAIL PROTECTED] wrote:
> I will do. Another quick point, anybody who has had any experience with
> FCKeditor and saving the entered content into a SQL server database, are
> there any critical things to look out for i.e. any string replacement that
> needs to be done in order to save the content? Ways to prevent malicious
> code being entered?
 

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.



~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216460
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: FCKeditor Fusebox4.1

2005-08-25 Thread wolf2k5
On 8/25/05, Andy Mcshane [EMAIL PROTECTED] wrote:
> Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC using the
> CFC method of invoking the editor? Are there any examples available? In your
> opinion is FCKeditor easier to use than TinyMCE?

Hi,

I am interested in integrating an HTML Editor in a Fusebox 4.1
MVC/OOP application as well, please post back your experiences to the
list.

Thanks.



RE: FCKeditor Fusebox4.1

2005-08-25 Thread Andy McShane
I will do. Another quick point, anybody who has had any experience with
FCKeditor and saving the entered content into a SQL server database, are
there any critical things to look out for i.e. any string replacement that
needs to be done in order to save the content? Ways to prevent malicious
code being entered?

-Original Message-
From: wolf2k5 [mailto:[EMAIL PROTECTED] 
Sent: 25 August 2005 09:58
To: CF-Talk
Subject: Re: FCKeditor  Fusebox4.1

On 8/25/05, Andy Mcshane [EMAIL PROTECTED] wrote:
> Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC using
> the CFC method of invoking the editor? Are there any examples available? In
> your opinion is FCKeditor easier to use than TinyMCE?

Hi,

I am interested in integrating an HTML Editor in a Fusebox 4.1
MVC/OOP application as well, please post back your experiences to the
list.

Thanks.





Re: FCKeditor Fusebox4.1

2005-08-25 Thread Barney Boisvert
I've had great luck with TinyMCE in both FB3 and FB4.1.  It's
amazingly simple to use, and has a great plug-in architecture, so
extending it is a breeze.  I'd highly recommend taking a close look at
it, if you're not already committed to FCKEditor.

cheers,
barneyb

On 8/25/05, Andy Mcshane [EMAIL PROTECTED] wrote:
> Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC using the
> CFC method of invoking the editor? Are there any examples available? In your
> opinion is FCKeditor easier to use than TinyMCE?
 

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.



RE: FCKeditor Fusebox4.1

2005-08-25 Thread gabriel l smallman
I have, found it very easy to get rolling. They provide you with a very basic
example of invoking it.



Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC using the
CFC method of invoking the editor? Are there any examples available? In your
opinion is FCKeditor easier to use than TinyMCE?





RE: FCKeditor Fusebox4.1

2005-08-25 Thread Andy McShane
Thanks, I am not committed to anything at the moment so I will give TinyMCE
a look. My main concerns are if there are any issues with the storing and
retrieving of data that is entered. Are there any guidelines or best
practices for integrating either of these solutions in ColdFusion,
especially Fusebox?

-Original Message-
From: Barney Boisvert [mailto:[EMAIL PROTECTED] 
Sent: 25 August 2005 17:38
To: CF-Talk
Subject: Re: FCKeditor  Fusebox4.1

I've had great luck with TinyMCE in both FB3 and FB4.1.  It's
amazingly simple to use, and has a great plug-in architecture, so
extending it is a breeze.  I'd highly recommend taking a close look at
it, if you're not already committed to FCKEditor.

cheers,
barneyb

On 8/25/05, Andy Mcshane [EMAIL PROTECTED] wrote:
> Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC using
> the CFC method of invoking the editor? Are there any examples available? In
> your opinion is FCKeditor easier to use than TinyMCE?
 

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.





Re: FCKeditor Fusebox4.1

2005-08-25 Thread Barney Boisvert
With an admin application, you necessarily have to trust the content
your users are adding.  How far you trust them depends on the app, but
in general, you have to assume they know what they're doing, and if
they enter malicious code, that's what they wanted.  I.e. it's policy
enforcement, not technical enforcement.

cheers,
barneyb

On 8/25/05, Andy McShane [EMAIL PROTECTED] wrote:
> I will do. Another quick point, anybody who has had any experience with
> FCKeditor and saving the entered content into a SQL server database, are
> there any critical things to look out for i.e. any string replacement that
> needs to be done in order to save the content? Ways to prevent malicious
> code being entered?
 

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.



Re: FCKeditor Fusebox4.1

2005-08-25 Thread Phillip Duba
I implemented FCKEditor into a Fusebox CMS application and had no issues other 
than IIS and CF mappings (which I would have had regardless). It's pretty easy 
to setup, but the component call was done within DSP fuses not the circuit as 
it was an inline use not a content append. I did not try TinyMCE and my 
FCKEditor implementation doesn't support Image or File browser right now as I 
need to write a custom browser for our implementation. HTH,

Phil

> Has anybody had any experience using FCKeditor, Fusebox4.1 and MVC
> using the CFC method of invoking the editor? Are there any examples
> available? In your opinion is FCKeditor easier to use than TinyMCE?



RE: FCKeditor Fusebox4.1

2005-08-25 Thread S . Isaac Dealey
> I will do. Another quick point, anybody who has had any experience with
> FCKeditor and saving the entered content into a SQL server database, are
> there any critical things to look out for i.e. any string replacement that
> needs to be done in order to save the content? Ways to prevent malicious
> code being entered?

I'm using an XSLT transformation to strip out any references to
script, form, frame, frameset and iframe tags, as well as any attribute
beginning with "on" in an attempt to prevent XSS attacks. Although I'm
not using FCKEditor ... right now I'm using HTMLArea, although I'm
planning to move to TinyMCE. I'm not real thrilled with the API for
any of them -- although the API for HTMLArea seems better than TinyMCE
which appears to be a much better tool overall. My biggest reason for
wanting to use TinyMCE is that it looks to me cleaner / easier for the
end user.

When you validate the form on the server, make sure the posted content
is valid XML and strip content like this:

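<cftry>
  <!--- XMLParse throws if the posted content is not well-formed XML --->
  <cfset myxml = XMLParse(form.fieldname)>
  <!--- apply the filtering stylesheet to the parsed content --->
  <cfset myxml = XMLTransform(myxml,expandpath('filter.xsl'))>

  <cfcatch>
    <!--- ... do error handling -- tell the user they need to post valid xml --->
  </cfcatch>
</cftry>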

(I recommend not using expandpath, but that's aside from the point.)
The path should be a local path to the file on your server and it
should point to an XSL sheet that looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    exclude-result-prefixes="tap"
    xmlns:tap="http://www.fusiontap.com"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="no" omit-xml-declaration="yes" />

<xsl:variable name="lcase" select="'abcdefghijklmnopqrstuvwxyz'" />
<xsl:variable name="ucase" select="'ABCDEFGHIJKLMNOPQRSTUVWXYZ'" />
<xsl:variable name="tags" select="',script,frame,frameset,variable,form,input,select,option,textarea,button,'" />

<xsl:template match="/xml//*[contains($tags,concat(',',translate(local-name(),$ucase,$lcase),','))=false()]">
  <xsl:copy>
    <xsl:copy-of select="@*[
      translate(normalize-space(namespace-uri(.)),$ucase,$lcase)!='http://www.fusiontap.com'
      and
      starts-with(translate(local-name(),$ucase,$lcase),'on')=false()
      and
      starts-with(translate(normalize-space(.),$ucase,$lcase),'javascript:')=false()
    ]" />
    <xsl:apply-templates />
  </xsl:copy>
</xsl:template>

<xsl:template match="//*[translate(normalize-space(namespace-uri(.)),$ucase,$lcase)='http://www.fusiontap.com']" />
<xsl:template match="//*[contains($tags,concat(',',translate(local-name(),$ucase,$lcase),','))=true()]" />
</xsl:stylesheet>

If you're using CF 6 you will need to read the xsl file first with
cffile.

hth

s. isaac dealey 954.522.6080
new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework

http://www.fusiontap.com
http://coldfusion.sys-con.com/author/4806Dealey.htm
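
The server-side filtering step from the message above, written as an allow-list instead of a deny-list (an added example in Python, not code from the original post or from any of the editors discussed). The tag, attribute and URL-scheme sets, the `<xml>` wrapper root and the sample input are assumptions of this example; like the post's approach, it rejects content that is not well-formed XML.

```python
import xml.etree.ElementTree as ET
from html import escape
from urllib.parse import urlsplit

# Assumed policy for this example: what the editor is allowed to emit.
ALLOWED_TAGS = {"p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
ALLOWED_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
# Constructed sample input, not taken from the thread.
SAMPLE = ('<p onclick="x()">Hi <a href="javascript:x()" title="t">link</a>'
          '<script>x()</script> there</p><img src="/a.png" onerror="x()"/>')

class InvalidMarkup(ValueError):
    """Posted content is not well-formed XML or carries a DOCTYPE."""

def _safe_url(value):
    compact = "".join(ch for ch in value if ch > " ")  # drop whitespace/control chars
    try:
        return urlsplit(compact).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:
        return False

def _append_text(parent, text):
    if text and len(parent):
        parent[-1].tail = (parent[-1].tail or "") + text
    elif text:
        parent.text = (parent.text or "") + text

def _copy_allowed(src, dst):
    dst.text = src.text
    for child in src:
        tag = child.tag.lower()  # namespaced tags look like "{uri}name" and never match
        if tag in ALLOWED_TAGS:
            kept = ET.SubElement(dst, tag)
            for name, value in child.attrib.items():
                name = name.lower()
                if name in ALLOWED_ATTRS.get(tag, ()) and (name not in URL_ATTRS or _safe_url(value)):
                    kept.set(name, value)
            _copy_allowed(child, kept)
        _append_text(dst, child.tail)  # text after a dropped element is kept

def sanitize(posted):
    if "<!DOCTYPE" in posted:  # no DTD, so no entity declarations reach the parser
        raise InvalidMarkup("DOCTYPE not allowed")
    try:
        root = ET.fromstring("<xml>" + posted + "</xml>")  # wrapper root is an assumption
    except ET.ParseError as exc:
        raise InvalidMarkup(str(exc)) from exc
    out = ET.Element("xml")
    _copy_allowed(root, out)
    body = "".join(ET.tostring(child, encoding="unicode") for child in out)
    return escape(out.text or "", quote=False) + body
```

Dropped elements are removed together with their contents, as the empty templates in the stylesheet do; anything not named in the policy is dropped by default.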

