Official: Redactor Composer now available in 0.7.1+
-
A good question, and worth investigating. To answer: yes it does. This is a well written professional WYSIWYG.
Test it on their website homepage.
An iframe declaration needs a src attribute, so adjust your example to
<iframe src="http://google.com"></iframe>
Also feel free to try script injection:
<script type="text/javascript">
alert("if javascript injection were possible this would fire");
</script>
Or anything else you can think of.
-
Was having a few issues with stability on my end. Didn't seem to work with HTML sanitisation on or off. But I'll do some more thorough testing next week when I'm off work. Would like to end up using this over the standard composer as it does have a lot of potential.
-
@Codejet each to their own. A lot of non-technical content writers can't wrap their heads around markdown, and need some of the rich HTML features you can only get with composers like Redactor. When you signed off with 'undefined' were you reporting a specific problem? If so could you describe the steps to recreate the problem on the redactor plugin's GitHub issues page please?
-
@Drew-Llewellyn said:
You mean, like, is there a "preview" window to the right, like in the markdown composer? It's a WYSIWYG, so surely what you're seeing is what you're getting so it's both the editor and the preview. Or did I misunderstand your question?
How can you be sure... or is every post quite literally a web page ?
-
@Codejet said:
How can you be sure... or is every post quite literally a web page ?
Every post is a block of HTML, providing the CSS styles applied to the composition window (via classes) are the same as those applied to posts then the result would be the same.
If (and only if) there is a visible difference in composition div and post div then that just means there needs to be some classes added to the composition window so it inherits the same style rules. But the core of what you're asking about is "is it actually HTML, like when a post is rendered" and the answer is yes. It's actually HTML, so the WYSIWYG can be a true representation of the result.
-
@Drew-Llewellyn nope not for me, I'm surprised NodeBB developers have not complained about the security risks.
They were quite stringent on this in the beginning.
There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your html right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow previews before finally submitting the real thing.
-
@Codejet said:
@Drew-Llewellyn nope not for me, I'm surprised NodeBB developers have not complained about the security risks.
They were quite stringent on this in the beginning.
There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your html right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow previews before finally submitting the real thing.
I did discuss this with @julian by email. There was a one month grace period where we could return Redactor for a full refund, so we took the opportunity to explore it and assess it for security concerns like script injection and iframe manipulation. We were happy it is secure.
For the preview, you'll note that the preview currently provided is a different font size than the actual post, and @ mentions don't have the same colour as they will in a post, the background colour is different and large quotes that get 'folded up' in the actual post aren't folded in the preview. So I would argue that Redactor's WYSIWYG editor is more accurate in its preview than the default composer.
If it's not for you, you don't need to worry as the markdown based composer is still available and supported. For other people who want rich content and more style options this is probably more for them. Especially people who are running forums where the initial post is staff-written content. Any company wanting to put together stylish, eye grabbing posts will want more than just markdown provides.
Thanks for giving it a test drive and providing feedback.
-
I'm getting a browser console error:
NS_ERROR_FAILURE:
as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?
-
@yariplus said:
I'm getting a browser console error:
NS_ERROR_FAILURE:
as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?
Any more info on what the console error is? Are all resources loading (no 404s etc?). Which browser, and which version? Which OS?
-
not working on Safari, can't write.
also if I don't disable plugin markdown all I get is html code as result in my posts
wonder what will happen with old posts if markdown is disabled?
-
@exodo said:
wonder what will happen with old posts if markdown is disabled?
The raw markdown will show up. You can maintain compatibility with old posts by disabling HTML sanitisation in the markdown plugin settings, but this is only safe because Redactor comes with its own sanitiser.
It is a definite security risk to disable HTML sanitisation without another method of sanitisation in use.
-
@julian said:
@exodo said:
wonder what will happen with old posts if markdown is disabled?
The raw markdown will show up. You can maintain compatibility with old posts by disabling HTML sanitisation in the markdown plugin settings, but this is only safe because Redactor comes with its own sanitiser.
It is a definite security risk to disable HTML sanitisation without another method of sanitisation in use.
if you mean this, always had it disabled
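
Added example, not part of the thread and not NodeBB, markdown plugin or Redactor code: a sketch of the kind of second sanitisation layer @julian's reply says must exist before the markdown plugin's HTML sanitisation is switched off, run over the two test payloads posted earlier in the thread. The function name `sanitisePost` and the tag allowlist are assumptions made for illustration.

```javascript
// Added example: allowlist sanitiser for post HTML. Hypothetical helper,
// not code from NodeBB, the markdown plugin or Redactor.
const ALLOWED = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'u',
  'ul', 'ol', 'li', 'blockquote', 'code', 'pre']); // assumed allowlist

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeText = (s) => s.replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Walk the input token by token. A token is either something shaped like a
// tag (<...>) or a single stray <, >, " or '. Plain text and existing
// character references such as &amp; pass through untouched.
function sanitisePost(html) {
  return String(html).replace(/<[^<>]*>|[<>"']/g, (token) => {
    // Only a bare tag survives: a name from the allowlist with no attributes,
    // so src=, href=, style= and on*= handlers can never reach the page.
    const bare = /^<(\/?)([a-z][a-z0-9]*)\s*\/?>$/i.exec(token);
    if (bare && ALLOWED.has(bare[2].toLowerCase())) {
      return '<' + bare[1] + bare[2].toLowerCase() + '>';
    }
    // Everything else is shown as inert text instead of being parsed.
    return escapeText(token);
  });
}

// Constructed sample posts: the two test payloads from the thread, one
// attribute-based variant, and ordinary rich text.
const samples = [
  '<iframe src="http://google.com"></iframe>',
  '<script type="text/javascript">alert("x");</script>',
  '<p onclick="alert(1)">hello</p>',
  '<p>Hello <strong>world</strong> &amp; friends</p>',
];

for (const post of samples) {
  console.log(sanitisePost(post));
}
```

Rejected markup is displayed as text rather than silently dropped, so a post author can see what was refused.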