Chewie Posted September 6, 2015 Share Posted September 6, 2015 When starting a new post or creating a reply, the source button in the editor isn't available... Since screen-shotting the image I have now tried it with... FireFox 40.0.3Chrome 45.0.2454.85 (64-bit) (+Incognito mode)Safari 8.0.8^ All on OSX Yosemite 10.10.5Firefox 40.0.3Microsoft EdgeMicrosoft Internet Explorer^ All on Windows 10Also tried through 2 different ISPs. Link to comment
0 leviramsey Posted September 13, 2015 VT Supporter Share Posted September 13, 2015 One possible workaround this suggests, if you're willing to take advantage of the subset of HTML, is that if you can prevent CKEditor from loading (either via disabling Javascript or via GreaseMonkey), you get a raw textarea wherein you can post HTML. Disabling Javascript disables the quote mechanism, but a tailored GreaseMonkey script might be able to preserve quote behavior.Alternatively, if admins/mods are normally restricted to the same subset of HTML (e.g. no blockquotes), then it would seem that all users could be given permission to post HTML. 1 Link to comment
0 leviramsey Posted September 13, 2015 VT Supporter Share Posted September 13, 2015 From examination of the HTTP request headers, it's clear that CKEditor transmits HTML to the server, which is then scrubbed by the server to the known-safe subset of HTML. The question is then whether the source button in CKEditor bypasses scrubbing. Without inspection of the HTTP traffic, I can't answer that question (if an admin/mod wants to check...).From documentation for IPB 3.4 with CKEditor, it seems that whether the source button is displayed for everybody is configurable independent of HTML permissions, though it defaults to Source iff HTML. Assuming that the IPB permission governs the server-side scrubber, then this means that everyone can get the source button. 1 Link to comment
0 Chewie Posted September 16, 2015 Author Share Posted September 16, 2015 ^ Great investigation and explanation into the way the editor works, bravo.Limpid: I know it's not a huge concern for you, but have you thought about allowing the HTML editor for all posters? Assuming it is a global option? The Prediction thread last week was a nightmare due to formatting issues. I was actually trying to change the format and attempting to insert tables into the post to make life easier for everyone but I had to give up as I just could not get a return working after the table insert. The WYSIWYG editor is decent, it just doesn't give you the ability to fine tune things when it goes a bit wacky. Link to comment
0 limpid Posted September 16, 2015 Administrator Share Posted September 16, 2015 I think the idea of allowing any user to post any HTML is horrifying.When things have settled down, I'll have a look and see if I can turn it on for some users and then work out how to identify those users. 1 Link to comment
0 Tegis Posted September 16, 2015 VT Supporter Share Posted September 16, 2015 Might be a good incentive to donations. That said, posting malformed html does have a tendency to break sites depending on how well designed/protected the forum-code is. Link to comment
0 Chewie Posted September 16, 2015 Author Share Posted September 16, 2015 I think the idea of allowing any user to post any HTML is horrifying.When things have settled down, I'll have a look and see if I can turn it on for some users and then work out how to identify those users.Lol, yeah fair enough. Appreciate you looking into a long term solution as opposed to just telling us 'tough luck'. Cheers. Link to comment
0 limpid Posted September 16, 2015 Administrator Share Posted September 16, 2015 Might be a good incentive to donations. That said, posting malformed html does have a tendency to break sites depending on how well designed/protected the forum-code is. I remember in the first version of VT that if a user posted the bbcode for bold in their sig and didn't close it, the rest of the page was in bold 1 Link to comment
0 leviramsey Posted September 16, 2015 VT Supporter Share Posted September 16, 2015 (edited) I think the idea of allowing any user to post any HTML is horrifying.When things have settled down, I'll have a look and see if I can turn it on for some users and then work out how to identify those users.I don't think anyone is talking about allowing posters to post arbitrary HTML. Have you read my posts at all?As it stands, every user of this site is posting HTML. It's what CKEditor sends to the server. It's what users who don't use CKEditor (either by disabling Javascript or via a mythical GreaseMonkey script to disable CKEditor) are sending to the server. This is true regardless of what permissions are set.EDIT to add: the scrubber does appear to close every tag opened. Edited September 17, 2015 by leviramsey Link to comment
0 limpid Posted September 17, 2015 Administrator Share Posted September 17, 2015 Levi,Did you read my post? For the kind of poster who could understand how to turn off CKeditor, I'd be happy to let them post HTML (once I can establish what is and isn't allowed). I don't have time to look into it at the moment. Link to comment
0 leviramsey Posted September 17, 2015 VT Supporter Share Posted September 17, 2015 Perhaps I'm being unclear. Adding the source button for every user is a simple matter of adjusting the configuration of CKEditor (depending on how much IPS has hacked on it, we're either talking about a plugin like SourceDialog or adding about 4 lines of JavaScript to VT's source). It has nothing to do with board permissions: the HTML submitted is still scrubbed. Link to comment
0 limpid Posted September 17, 2015 Administrator Share Posted September 17, 2015 Perhaps I'm being unclear. I'm too busy to look at this at the moment regardless of how many times you say it.When I get chance I'll start by investigating why people can't just use CKeditor. Then; what am I going to get asked for support on from the majority, not what works best for the few power users. People might want to edit HTML, but they don't need to. Therefore this is parked until I get some time. Link to comment
0 leviramsey Posted September 20, 2015 VT Supporter Share Posted September 20, 2015 I need to edit HTML. My posts (most notably the prediction posts) look like utter shit from how the editor mangles them. On top of that, posting links takes orders of magnitude longer than before, thanks to requiring a dialog. Link to comment
0 limpid Posted September 23, 2015 Administrator Share Posted September 23, 2015 A new version of the forum is due next month (minor upgrade), but they've posted this about the editor:https://community.invisionpower.com/blogs/entry/9739-ips-community-suite-41-editor-update/We have made a huge upgrade to our editor in IPS Community Suite 4.1 with a focus on speed an usability. I made a video overview of the new editor to point out some of the key changes. Before viewing, here are the release notes about the editor for your reference:[ there is a video there too ] 1 Link to comment
0 Chewie Posted September 24, 2015 Author Share Posted September 24, 2015 Plain text will be a godsend for the prediction thread, looking forward to it. Link to comment
0 limpid Posted September 24, 2015 Administrator Share Posted September 24, 2015 Plain text will be a godsend for the prediction thread, looking forward to it.All it's going to do is the same as pressing ctrl-shift-v instead of ctrl-v. ie. You can do it now. Link to comment
0 Chewie Posted September 24, 2015 Author Share Posted September 24, 2015 Plain text will be a godsend for the prediction thread, looking forward to it. All it's going to do is the same as pressing ctrl-shift-v instead of ctrl-v. ie. You can do it now. If it strips formatting after input/pasting then it will help with people (who don't follow instructions) posting in the prediction thread 1 Link to comment
Question
Chewie
When starting a new post or creating a reply, the source button in the editor isn't available...
Since screen-shotting the image I have now tried it with...
FireFox 40.0.3
Chrome 45.0.2454.85 (64-bit) (+Incognito mode)
Safari 8.0.8
^ All on OSX Yosemite 10.10.5
Firefox 40.0.3
Microsoft Edge
Microsoft Internet Explorer
^ All on Windows 10
Also tried through 2 different ISPs.
Link to comment
36 answers to this question
Recommended Posts