Re: Rich Text Editor for BBCOde?

[Joseph Heck]

It's not a full implementation, but it's pretty useful:http://svn.zilbo.com/svn/django/magic-removal/common/text/bbcode.pyer... it's moved since I last pulled it: 
http://svn.zyons.python-hosting.com/trunk/zilbo/common/text/bbcode.py(please note this isn't mine - it's just something I spotted while reading other folk's code)
On 6/2/06, Jeroen Ruigrok van der Werven <[EMAIL PROTECTED]> wrote:
On 6/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:> Does anyone know of a "fancy" rich text editor component which
> generates BBCode instead of HTML (or is customizable so that it can be> tailored to generate BBCode)? Maybe even one for which there is a> Django integration "Howto"?No, sorry, no ready made ones.
You could perhaps lift BBCode support fromhttp://spycebb.sourceforge.net/ or http://tboard.sourceforge.net/though.
--Jeroen Ruigrok van der Werven

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django users" group.  To post to this group, send email to django-users@googlegroups.com  To unsubscribe from this group, send email to [EMAIL PROTECTED]  For more options, visit this group at http://groups.google.com/group/django-users  -~--~~~~--~~--~--~---

Re: Rich Text Editor for BBCOde?

[Jeroen Ruigrok van der Werven]

On 6/1/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Does anyone know of a "fancy" rich text editor component which
> generates BBCode instead of HTML (or is customizable so that it can be
> tailored to generate BBCode)? Maybe even one for which there is a
> Django integration "Howto"?

No, sorry, no ready made ones.

You could perhaps lift BBCode support from
http://spycebb.sourceforge.net/ or http://tboard.sourceforge.net/
though.

-- 
Jeroen Ruigrok van der Werven

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---

Re: Rich Text Editor for BBCOde?

[Jan Claeys]

Op do, 01-06-2006 te 11:05 +, schreef [EMAIL PROTECTED]:
> Does anyone know of a "fancy" rich text editor component which
> generates BBCode instead of HTML (or is customizable so that it can be
> tailored to generate BBCode)? Maybe even one for which there is a
> Django integration "Howto"?

I have been looking around for something like that too, and the only one
I know is Wykiwyg: 

It generates wiki markup for some wikis, but I think adapting it to
support BBcode should be possible too...?

> I like the Django integration for the various rich text editors, and I
> want to give my users the ability to post styled text -- i just don't
> want to open the floodgates for all kinds of embedded HTML, with all
> the potential exploitable problems that can bring. 

I just had to edit some HTML generated by one of those... yuck!
For esthetic reasons alone those things should be forbidden.   :-(


-- 
Jan Claeys


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---

Re: Rich Text Editor for BBCOde?

[[EMAIL PROTECTED]]

Scott Anderson wrote:

> You're going to have to filter on the server side no matter what the browser 
> editor produces. ie. if you want to allow someone to post a link, you'll 
> still have to filter the href of the link posted via BBCode or someone can 
> just bypass the editor and post the code directly by not using your interface.
>
> The only surefire way, of course, is to completely disallow HTML (via quoting 
> < characters) and just allow text.

That's more or less what I'm doing. I pass the output through escape |
urlize | bbcode text filters, so any HTML input into the editor (or
posted directly via a POST request) comes out as <, >, etc. and
only selected bbcode markup gets converted to HTML markup.

Daniel


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---

Re: Rich Text Editor for BBCOde?

[Scott Anderson]

On Thu, 2006-06-01 at 11:43 +, [EMAIL PROTECTED] wrote:
> 
> All this may sound a bit (very?) paranoid for a small community portal
> site. The large number of comment spamming, SPAM and exploits against
> phpBB sites, etc. show that some people just don't play fair. You don't
> really want these people to go and write arbitrary HTML on your page.
> And the potential for abuse is such that if you DO allow HTML in
> postings, you have a lot of filtering to do.
> 
> Daniel


You're going to have to filter on the server side no matter what the browser 
editor produces. ie. if you want to allow someone to post a link, you'll still 
have to filter the href of the link posted via BBCode or someone can just 
bypass the editor and post the code directly by not using your interface.

The only surefire way, of course, is to completely disallow HTML (via quoting < 
characters) and just allow text. The next best thing is to use a whitelisting 
filter that only allows the tags you want it to allow. I have such a filter, 
and if there's interest I'll clean it up and post it somewhere. For now there's 
a prototype version at http://z.iwethey.org/forums/SourceCode/src/htmlparse.py 
that needs some work.

It scrubs everything by default. Tags are detected and filtered for
allowed markup only (eg. you can only put http:// in an href). There are
some BBCode-like markup elements (a number of which are specific to my
forums code only), and it's fairly trivial to add more. There's also a
two-step processing system: scrubbing first, during which links and the
like are converted to an interim format before being stored in the
database, then a second step which takes links and converts them to
actual tags according to the preferences of the user (some users like
all links to open a new window, for example) just before display.

Regards,
-scott



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---

Re: Rich Text Editor for BBCOde?

[[EMAIL PROTECTED]]

Todd O'Bryan wrote:
> Is it not sufficient to just look for 

Re: Rich Text Editor for BBCOde?

[Todd O'Bryan]

On Jun 1, 2006, at 7:05 AM, [EMAIL PROTECTED] wrote:
>
> I like the Django integration for the various rich text editors, and I
> want to give my users the ability to post styled text -- i just don't
> want to open the floodgates for all kinds of embedded HTML, with all
> the potential exploitable problems that can bring.

Is it not sufficient to just look for 

Rich Text Editor for BBCOde?

[[EMAIL PROTECTED]]

Hi.

Does anyone know of a "fancy" rich text editor component which
generates BBCode instead of HTML (or is customizable so that it can be
tailored to generate BBCode)? Maybe even one for which there is a
Django integration "Howto"?

I like the Django integration for the various rich text editors, and I
want to give my users the ability to post styled text -- i just don't
want to open the floodgates for all kinds of embedded HTML, with all
the potential exploitable problems that can bring.

Daniel


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---