Re: [Phpwiki-talk] WYSIWIKI

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

2005/10/19, Dan Frankowski <dfr...@cs...>:
> For your fun and enjoyment here is an undergraduate thesis on making
> PhpWiki into a WYSIWIKI:
>
> http://www.tc.umn.edu/~yile0001/thesis.pdf
>
> I am not necessarily recommending this as a plan of action, but I think
> it's good to be exposed to these ideas. I will say that one of my vocal
> users feels WYSIWIKI (without a save button!) would be a huge win.
> Disclosure: I did not write this thesis, but I did work with Scott on
> other things.
>
> Dan
>
> The short story:
>
> - Markup is hard for some
> - Markup is ambiguous sometimes (e.g., "*happy days*" produces a bullet
> instead of bold)

This is a bug which should be fixed somewhen...

> - Saving should happen more easily

Very good idea.

> A trial implementation:

Can Scott please make CinchWiki available?
I agree with most if his points.

> - Bolt a WYSIWIG editor onto the wiki in this case SPAW,
> http://sourceforge.net/projects/spaw

My initial WYSIWYG wiki was guiki. Brain dead simple.

> - Save pages in straight HTML so it is a logical, consistent, powerful
> language

pagetype=3Dhtml

> - Do it in a way so people don't have to hit an "edit" or "save" button
> anymore (!!). It just auto-saves every few seconds (to the same
> revision, so it doesn't create huge numbers of revisions)

InlineEditing can only be done if ENABLE_WYSIWYG is the one and
only editing option.
Maybe provide an link to the traditional wikimarkup edit textarea...

> Some limitations to be solved, with proposals for solutions for each:
>
> - Lack of plugin support

This can be done by some custom insert plugin button (as phpwiki-1.3.11)
and a form to edit the args, as described in the thesis, plus some
AJAX code in the background.

I don't like the idea of magic HTML comments.
Plugins should be translated with pagetype=3Dhtml to use xml syntax.
<plugin name=3DAllUsers options>
  <ul><li>intermediate list by AJAX</li>
  </ul>
</plugin>

> - HTML vulnerability

The RawHtml plugin uses a safe_html lib to strip possible vulnerabilities.

http://chxo.com/scripts/safe_html-test.php
A set of functions for sanitizing user input:
    keeps "friendly" tags but strips javascript events and style attributes
    closes any open comment tags
    closes any open HTML tags - results may not be valid HTML, but
        at least they will keep the rest of the page from breaking

    treats the following as malicious conditions and returns text stripped
    of all html tags:
        any instances of =3D'javascript:
        event or style attributes remaining after initial replacement

See also http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker
--
Reini Urban
http://phpwiki.org/