Hello,
I'm Thomas BOHL (MaiGre) from France and this is my first post on this wiki.
I started to work with WikkaWiki one year ago.
I learned PHP by myself and I'm not aware of all the 'standards' and rules, so please be kind:
I will certainly make mistakes and say some horrible things :)
I am starting this page to receive your advice.

I've already worked on a mod of WikkaWiki to integrate FCKeditor.
I call it EasyWikka, and it will be available to download quite soon.
Actually I wanted to install a website for associations that is easily manageable for people not familiar with web site creation.

This is not a very clean project for the moment:
Actually I started from the 1.6.2 Wikka and I replaced the classic editor with the FCKeditor. Page content is now saved directly in HTML (arg!).

I know that can seem crazy for a wiki, but my goal at first was to have a site based on WikkaWiki (because I know it and
I can easily manage style, actions, plugins,...) but without public registration and editing.
So I thought that saving the content in HTML was not a problem as long as the editing mode is only accessible by
the website admin. Then I also made some changes to the default way to log in and register.
What do you think about that?

Now, both CKeditor 3.0 beta and FCKeditor for Mediawiki (with wikitext output) are available,
so I would like to start a cleaner project.
So here is what I would like to discuss:
  1. How to adapt FCKeditor to transform HTML output to wikitext?
  2. How is it possible to imagine Wikka working directly with HTML?
  3. I mean, what exactly are the risks (code injection, iframe, javascript,...) and the ways to prevent them?

FCKeditor For WikkaWiki


Here is a Mediawiki+FCKeditor project: http://mediawiki.fckeditor.net/
I will start to study how it works in order to adapt it to the Wikka engine and syntax.
But this project seems to be strongly integrated with the MediaWiki way of doing a wiki.

Another idea is to create a reverse wakka.php engine: it is possible to translate wikitext to HTML,
so wikitext-compatible-html should not be complicated to translate into wikitext.

The idea:
* do not modify FCKeditor (-> easy update), so the editor works with HTML as input and output,
* use the existing Wikka.php to transform wikitext to HTML before starting the edit (so FCKeditor feels good),
* create a reverse Wikka.php to transform HTML output from FCKeditor into wikitext and escape all unrecognized HTML before storing in DB.

The only difficulties I can see for the moment are:
* images (needs a robust image action..)
* tables (I saw there is work in progress for the next Wikka release)

First work:
* study the basic HTML output from CKeditor 3.0 to see how it is possible to translate it.
-> you can find the CKeditor integration here: CKeditor4Wikka



Wikka in Html


What do you think about storing page content in HTML? (OK, I know this is not an idea for the main Wikka project.)

The main problem I can figure is the possibility of code injection, with PHP, JavaScript, or something else.
-> When I try to add <?php phpinfo(); ?> the code is automatically removed.
-> JavaScript doesn't seem to work

In the case of a private editing site, what do you think of using HTML storage?
In the case of a public editing site, I think this is definitely not secure.
Can you give me your opinion on possible attacks?
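
One way to approach the "reverse Wikka.php" idea and the injection question raised above, as an added example that is not part of the original post or of Wikka/EasyWikka: an allowlist converter that turns recognized editor tags into wikitext, never copies attributes, keeps only http/https/mailto links, and stores every unrecognized element as escaped text. The function names, the tag map and the sample input are assumptions made for illustration, and the markers are assumed Wikka markup.

```php
<?php
// Added example, not Wikka/EasyWikka code. Function names are hypothetical; the
// markers in WRAP are the assumed Wikka markup for each tag.
const WRAP = ['b' => '**', 'strong' => '**', 'i' => '//', 'em' => '//', 'u' => '__',
              'h1' => '======', 'h2' => '=====', 'h3' => '====', 'h4' => '===', 'h5' => '=='];
const SAFE_SCHEMES = ['http', 'https', 'mailto'];

function convert_node(DOMNode $node, DOMDocument $doc): string
{
    if ($node->nodeType === XML_TEXT_NODE) {
        return htmlspecialchars($node->nodeValue, ENT_NOQUOTES, 'UTF-8'); // text stays inert
    }
    if (!($node instanceof DOMElement)) { return ''; } // comments etc. are dropped
    $tag = strtolower($node->nodeName);
    if (!array_key_exists($tag, WRAP) && !in_array($tag, ['p', 'div', 'br', 'a'], true)) {
        // Unrecognized element (script, iframe, ...): stored as inert escaped text.
        return htmlspecialchars($doc->saveHTML($node), ENT_NOQUOTES, 'UTF-8');
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= convert_node($child, $doc);
    }
    if ($tag === 'br') { return "\n"; }
    if ($tag === 'p' || $tag === 'div') { return $inner . "\n\n"; }
    if ($tag === 'a') {
        $href = trim($node->getAttribute('href'));
        $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
        // Only allowlisted schemes become links; javascript: and data: keep the text only.
        $ok = in_array($scheme, SAFE_SCHEMES, true) && !preg_match('/[\s\]]/', $href);
        return $ok ? "[[$href $inner]]" : $inner;
    }
    // Attributes (onclick, style, ...) are never copied; only the wiki marker is emitted.
    return WRAP[$tag] . $inner . WRAP[$tag] . ($tag[0] === 'h' ? "\n" : '');
}

function html_to_wikitext(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // editor output is not always well formed
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    $out = '';
    foreach ($doc->getElementsByTagName('body')->item(0)->childNodes as $child) {
        $out .= convert_node($child, $doc);
    }
    return trim($out);
}

// Constructed sample of editor output, not taken from the page.
echo html_to_wikitext('<h2>News</h2><p>See <b onclick="x()">rules</b>, <a href="javascript:x()">here</a>.</p>'
    . '<iframe src="http://example.org/"></iframe><script>alert(1)</script>'), "\n";
```

Because the converter emits only markers it knows and escapes everything else, the stored text contains no live tags even when the editor output does.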


CategoryDevelopment