Gert wrote: Comments_XH has its own mini TinyMCE, specially configured for the safety concept of Comments_XH, and RealBlog_XH uses the standard TinyMCE.
Hmm, so if I want to use another editor for the content and want to use the polished AdvancedNews, I have to install TinyMCE too.
The flexible editor integration could easily be made for both of the plugins above.
If that's the statement from a leading "Team" member, I ask myself why we spend hours and hours getting our hands dirty coding an editor interface.
So XH may stick with TinyMCE, even if some users have problems with it, e.g. table handling.
I wrote somewhere that I had trouble with TinyMCE on a bigger project and that I solved that with a quick & dirty FCKeditor for XH 1.5.
I'm aware of how to include an editor in XH. I need no flexible interface. And I must not share time, code and ideas on useless things...
So I should "sit and wait".
Gert wrote: for the safety concept of Comments_XH
I know that some of the last updates of the plugin brought more security to the handling of the user input. But it's still possible to include single malicious characters in the output, and the "funny-string" replacement (for those who want to play) fails on combinations of some scripting code.
I told you from the beginning that this concept could never be secure under all circumstances, because it only filters the malicious code you are aware of.
And are you really aware of all of them? Hope so.
The PHP developers have created some simple-to-use functions to sanitize user input. I don't know a single reason to ignore that. But that's your call and I don't want to start a longer discussion on that here.