Official: Redactor Composer now available in 0.7.1+
-
Thanks @Drew-Llewellyn! For everybody who doesn't already know, he helped fund development for this new composer by purchasing an open-source license so everybody can use it in NodeBB for free!
Implementation as it is currently is quite bare-bones. The next step is really getting uploads working, although it is not a priority at the moment.
-
I think getting some contribution and pull requests from some of this forum's incredible devs will allow the plugin to be shaped by user needs, especially if core devs are busy with other things
Definitely agree getting uploads to work is an important one
-
HTML sanitization disabled...
Yeah that's not happening.
Does redactor prevent me doing something like <iframe="http://dodgywebsite.com"></iframe>?
-
A good question, and worth investigating. To answer: yes it does. This is a well written professional WYSIWYG.
Test it on their website homepage.
An iframe declaration needs a src attribute, so adjust your example to
<iframe src="http://google.com"></iframe>
Also feel free to try script injection:
<script type="text/javascript">
alert("if javascript injection were possible this would fire");
</script>
Or anything else you can think of.
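An added example, not part of the original posts and not NodeBB or Redactor code: an editor's filtering runs in the browser, so whether the two test payloads above would render in a post is decided by the sanitisation applied when the post is stored or displayed. The sketch below is an escape-by-default allowlist filter run against those payloads; `sanitizePostHtml`, `ALLOWED_TAGS` and the chosen tag set are assumptions.

```javascript
// Added example: escape-by-default allowlist filter for user-submitted post HTML.
// sanitizePostHtml and ALLOWED_TAGS are hypothetical names, not NodeBB or Redactor APIs.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'blockquote']);

function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')   // must run first so later entities are not re-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function sanitizePostHtml(input) {
  let out = '';
  let pos = 0;
  // Matches only attribute-free tags such as <p>, </p>, <br/>.
  // A tag carrying any attribute does not match and is escaped as plain text.
  const bareTag = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\s*(\/?)>/g;
  let m;
  while ((m = bareTag.exec(input)) !== null) {
    out += escapeHtml(input.slice(pos, m.index));
    const name = m[2].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      out += '<' + m[1] + name + m[3] + '>';  // re-emit a normalised tag
    } else {
      out += escapeHtml(m[0]);                // unknown tag: show it as text
    }
    pos = bareTag.lastIndex;
  }
  return out + escapeHtml(input.slice(pos));
}

// Test payloads taken from the thread above, plus one constructed benign post.
const samples = [
  '<iframe src="http://google.com"></iframe>',
  '<script type="text/javascript">alert("x");</script>',
  '<p>Hello <b>world</b></p>',
];
for (const s of samples) {
  console.log(sanitizePostHtml(s));
}
```

Anything not on the allowlist is displayed as literal text rather than dropped, which makes a filtered payload visible to moderators instead of silently disappearing.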
-
Was having a few issues with stability on my end. Didn't seem to work with HTML sanitisation on or off. But I'll do some more thorough testing next week when I'm off work. Would like to end up using this over the standard composer as it does have a lot of potential.
-
@Codejet each to their own. A lot of non-technical content writers can't wrap their heads around markdown, and need some of the rich HTML features you can only get with composers like Redactor. When you signed off with 'undefined' were you reporting a specific problem? If so could you describe the steps to recreate the problem on the redactor plugin's GitHub issues page please?
-
@Drew-Llewellyn said:
You mean, like, is there a "preview" window to the right, like in the markdown composer? It's a WYSIWYG, so surely what you're seeing is what you're getting so it's both the editor and the preview. Or did I misunderstand your question?
How can you be sure... or is every post quite literally a web page ?
-
@Codejet said:
How can you be sure... or is every post quite literally a web page ?
Every post is a block of HTML, providing the CSS styles applied to the composition window (via classes) are the same as those applied to posts then the result would be the same.
If (and only if) there is a visible difference in composition div and post div then that just means there needs to be some classes added to the composition window so it inherits the same style rules. But the core of what you're asking about is "is it actually HTML, like when a post is rendered" and the answer is yes. It's actually HTML, so the WYSIWYG can be a true representation of the result.
-
@Drew-Llewellyn nope not for me, I'm surprised NodeBB developers have not complained about the security risks.
They were quite stringent on this in the beginning.
There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your HTML right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow previews before you finally submit the real thing.
-
@Codejet said:
@Drew-Llewellyn nope not for me, I'm surprised NodeBB developers have not complained about the security risks.
They were quite stringent on this in the beginning.
There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your HTML right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow previews before you finally submit the real thing.
I did discuss this with @julian by email. There was a one month grace period where we could return Redactor for a full refund, so we took the opportunity to explore it and assess it for security concerns like script injection and iframe manipulation. We were happy it is secure.
For the preview, you'll note that the preview currently provided is a different font size than the actual post, and @ mentions don't have the same colour as they will in a post, the background colour is different and large quotes that get 'folded up' in the actual post aren't folded in the preview. So I would argue that Redactor's WYSIWYG editor is more accurate in its preview than the default composer.
If it's not for you, you don't need to worry as the markdown based composer is still available and supported. For other people who want rich content and more style options this is probably more for them. Especially people who are running forums where the initial post is staff-written content. Any company wanting to put together stylish, eye grabbing posts will want more than just markdown provides.
Thanks for giving it a test drive and providing feedback.
-
I'm getting a browser console error:
NS_ERROR_FAILURE:
as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?
-
@yariplus said:
I'm getting a browser console error:
NS_ERROR_FAILURE:
as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?
Any more info on what the console error is? Are all resources loading (no 404s etc?). Which browser, and which version? Which OS?