Badly missing 'quote', 'code' tags in the editor

srikat · Post by **srikat** » Mon Jan 08, 2007 3:25 pm

version: 1.6.8

I really miss the

 and [quote] BBcode tags in the content portion of an entry. Is there any work around?

matteo · Post by **matteo** » Mon Jan 08, 2007 8:02 pm

Hi,
sorry, do you mean that:

Code: Select all

 and [quote] are deleted when saving a faq[*][code] and [quote] are deleted when creating/editing a faq[*]you cannot use BBcode such as [code] and [quote] in faq content: they are not correctly rendered in HTML[/list]?

Ciao,
Matteo

srikat · Post by **srikat** » Mon Jan 08, 2007 8:05 pm

matteo:

I was asking about being able to use BBcode in FAQ content. I wonder how come so many forum systems use it when it's not rendered correctly in HTML

matteo · Post by **matteo** » Mon Jan 08, 2007 10:04 pm

Hi,

srikat wrote:I wonder how come so many forum systems use it when it's not rendered correctly in HTML

Here's a short answer: for security reasons it's better to support only a limited range of HTML tags to avoid any XSS injection. To do that:

you can create some tags other than SGML-like ones (i.e.: BBCode tags) and render them as HTML according to their semantic meaning (e.g.: phpBB);
you can drop the "insecure" HTML tags when the content is saved into the database and you can gain the use of an RTE (Rich Text Editor) to edit your content in a WYSIWYG fashion (e.g. phpMyFAQ 1.4.x+).

Have you tried, in PMF, to use <code> and <quote> directly using the HTML source button "<>" or using the third drop down for quoting PHP snippets?
Hope this will help you.

Ciao,
Matteo