Details

      Description

      http://docs.ckeditor.com/#%21/guide/dev_advanced_content_filter
      http://docs.ckeditor.com/#!/guide/plugin_sdk_integration_with_acf

      http://ckeditor.com/blog/Upgrading-to-CKEditor-4.1
      http://ckeditor.com/blog/CKEditor-4.1-Released

      Research ACF

      Using the allowedContent settings, besides true (allow all content), it seems impractical to use it for Web Content and Blogs. We'd need to whitelist every element+attribute we'd want to allow. So for example, to support tables, we'd need to add something like: table[ 'border', 'cellpadding', cellspacing'], thead, tbody, tfoot, tr, th, td.

      For more restrictive content like BBCode and Creole this may be fine. But for Web Content and Blogs, we provide a lot of features.

      But maybe this is what we want? It would be safer, but I just think it'd be a pain to maintain and prone to misconfiguration.

      4.4.0 added blacklisting (disallowedContent) and RegEx to the content filter rules. RegEx would make whitelisting easier. Or it seems like it would be easier to blacklist content we didn't want to allow. But is that a security no-no? Maybe we could use both? disallowedContent for Web Content and Blogs; and allowedContent for Wiki and Message Boards.

      Also of note, extraAllowedContent used with ACF left in auto mode, we can create a minimal baseline of content, allowing the plugins, toolbars, etc. to handle the bulk of the defining parts. I don't know how much that really saves us though.

      Points of interest

        Attachments

          Activity

            People

            Assignee:
            byran.zaugg Byran Zaugg (Inactive)
            Reporter:
            byran.zaugg Byran Zaugg (Inactive)
            Recent user:
            Esther Sanz
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              6 years, 40 weeks ago

                Packages

                Version Package