Official: Redactor Composer now available in 0.7.1+


  • Was having a few issues with stability on my end. Didn't seem to work with HTML sanitisation on or off. But I'll do some more thorough testing next week when I'm off work. Would like to end up using this over the standard composer as it does have a lot of potential.

  • GNU/Linux

    I'll be direct with you, I don't like this composer one bit 😄 tried it and dislike


  • @teh_g it still needs file upload support. Feel free to fork the GitHub and include it.


  • @a_5mith it's pretty new, code wise, so your feedback (and pull requests) are appreciated.


  • @Codejet each to their own. A lot of non-technical content writers can't wrap their heads around markdown, and need some of the rich HTML features you can only get with composers like Redactor. When you signed off with 'undefined' were you reporting a specific problem? If so could you describe the steps go recreate the problem on the redactor plugin's GitHub issues page please?

  • GNU/Linux

    @Drew-Llewellyn Is there a preview option ?


  • You mean, like, is there a "preview" window to the right, like in the markdown composer? It's a WYSIWYG, so surely what you're seeing is what you're getting so it's both the editor and the preview. Or did I misunderstand your question?

  • GNU/Linux

    @Drew-Llewellyn said:

    You mean, like, is there a "preview" window to the right, like in the markdown composer? It's a WYSIWYG, so surely what you're seeing is what you're getting so it's both the editor and the preview. Or did I misunderstand your question?

    How can you be sure... or is every post quite literally a web page ?


  • @Codejet said:

    How can you be sure... or is every post quite literally a web page ?

    Every post is a block of HTML, providing the CSS styles applied to the composition window (via classes) are the same as those applied to posts then the result would be the same.
    If (and only if) there is a visible difference in composition div and post div then that just means there needs to be some classes added to the composition window so it inherits the same style rules. But the core of what you're asking about is "is it actually HTML, like when a post is rendered" and the answer is yes. It's actually HTML, so the WYSIWYG can be a true representation of the result.

  • GNU/Linux

    @Drew-Llewellyn nope not for me, I'm surprised Nodebb developers have not complained about the security risks.

    They were quite stringent on this in the beginning.

    There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your html right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow preview's before finally submit the real thing. 😬


  • @Codejet said:

    @Drew-Llewellyn nope not for me, I'm surprised Nodebb developers have not complained about the security risks.

    They were quite stringent on this in the beginning.

    There is no preview either, maybe if it had that I would use it. There would be a lot of messing around if you didn't get all your html right the first time, and there really is no way to test if it works, so it gets published straight to the forum. Modern day forums allow preview's before finally submit the real thing. 😬

    I did discuss this with @julian by email. There was a one month grace period where we could return Redactor for a full refund, so we took the opportunity to explore it and assess it for security concerns like script injection and iframe manipulation. We were happy it is secure.

    For the preview, you'll note that the preview currently provided is a different font size the the actual post, and @ mentions don't have the same colour as they will in a post, the background colour is different and large quotes that get 'folded up' in the actual post aren't folded in the preview. So I would argue that Redactor's WYSIWYG editor is more accurate in its preview than the default composer.

    If it's not for you, you don't need to worry as the markdown based composer is still available and supported. For other people who want rich content and more style options this is probably more for them. Especially people who are running forums where the initial post is staff-written content. Any company wanting to put together stylish, eye grabbing posts will want more than just markdown provides.

    Thanks for giving it a test drive and providing feedback.

  • Community Rep

    I'm getting a browser console error: NS_ERROR_FAILURE: as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?


  • @yariplus said:

    I'm getting a browser console error: NS_ERROR_FAILURE: as soon as I open the composer on any page, and it becomes unresponsive. Any idea what this could be?

    Any more info on what the console error is? Are all resources loading (no 404s etc?). Which browser, and which version? Which OS?

  • Community Rep

    @Drew-Llewellyn

    That's the entire message. No other errors. Seems to happen only on Firefox.


  • @yariplus Will try and take a look later tonight. I don't have FF and I'm at work right now 😃

  • Plugin & Theme Dev

    not working on safari , can't write.
    also if i don't disable plugin markdown all i get is html code as result in my posts

    wonder what will happen with olds posts if markdown is disabled ?

  • GNU/Linux Admin

    @exodo said:

    wonder what will happen with olds posts if markdown is disabled ?

    The raw markdown will show up. You can maintain compatibility with old posts by disabling HTML sanitisation in the markdown plugin settings, but this is only safe because Redactor comes with its own sanitiser.

    It is a definite security risk to disable HTML sanitisation without another method of sanitisation in use.

  • Plugin & Theme Dev

    @julian said:

    @exodo said:

    wonder what will happen with olds posts if markdown is disabled ?

    The raw markdown will show up. You can maintain compatibility with old posts by disabling HTML sanitisation in the markdown plugin settings, but this is only safe because Redactor comes with its own sanitiser.

    It is a definite security risk to disable HTML sanitisation without another method of sanitisation in use.

    if you mean this, always had it disable
    Captura de pantalla 2015-07-22 a las 19.39.10.png

  • GNU/Linux Admin

    Disable HTML Sanitisation / Enable HTML usage

    Sorry for the confusing text 😆

  • Plugin & Theme Dev

    @julian said:

    Disable HTML Sanitisation / Enable HTML usage

    Sorry for the confusing text 😆

    i see 👊

Suggested Topics

| |