Html formatting - Feature Requests


	PackFlash Support Forums
	To post to this forum please Register or Log In.

6/21/2011 2:04 AM

pixelPete

Joined: 12/26/2009

Posts: 4

Html formatting (N/A)

Could the comments module have an option for HTML text. Many of my users express frustration at not having paragraphs, bullet points and other formatting. Is there an easy way to make this possible.
Peter

www.tamborinedailystar.com

6/22/2011 4:44 PM

servicehost

Joined: 1/29/2009

Posts: 245

Re: Html formatting (N/A)

Hi Peter,

Unfortunately, this is not as easy as it sounds and allowing this causes problems that are not obvious without knowing them.

To provide this functionality in DNN requires the use of the rich text editor (currently the default is Telerik's RAD Editor, but historically this was FCK Editor...either can be used at any time and technically, you can use several others by including a different provider and installation within DNN and changing the web.config file).

The use of the rich text editor opens up the ability for the user to get access to file management capabilities (uploading, etc.) and potentially security risks through scripting. To get around this, the engine would either have to be intelligent enough to look through the code for the risks and eliminate them (which is near impossible) and also provide a limited set of controls in the editor itself (not allow for uploads by removing the associated buttons, for instance). Because of the number of options for editors at any one time, this becomes very difficult.

The reality is that DNN doesn't currently provide an elegant way to handle or enable HTML data from user-generated content in a secure fashion.

With all that said, the field for comments in the database does not prevent HTML content from being saved since it is of type "ntext". It is feasible to provide a global control to "Allow HTML Text" as long as the administrator is OK with the risks involved in doing so. This would mean that the users would have the full access to the Rich Text Editor, however. Unfortunately, the security risk also doesn't stop at the site in question either - it could affect every portal and potentially the entire server.

These security risks make it difficult to support for an installed version of the product. I just looked around on Snowcovered and couldn't find a competitor that was brave enough to go down this road either. Is there one that is doing this?

This solution would be a "relatively easy" customization if you were to purchase the source code for the Comments module and were willing to take the risks (and have the coding skills, of course).

Let us know your thoughts or if you have any more questions or need anything else.

Thank you.

Chris

6/22/2011 5:05 PM

pixelPete

Joined: 12/26/2009

Posts: 4

Re: Html formatting (N/A)

Modified By pixelPete on 6/22/2011 5:06:27 PM

Hi Chris - I guess I was looking at the Forum software (DNN & third-party) which seems to have the ability to use HTML. I understand what you say about the risks involved on the comments side of things - we have spammers sending stuff all the time as comments attached to articles we publish.

I did try to paste in HTML marked up code into the Comments module. The module accepted it and it was saved. However the module did not render it in the output. i.e. it just showed the the text and markup as if were all text.

I have modified the DNN Forum software to do what I was looking to do but it is not as elegant as your module. I wonder how the forum software gets over the hacker issue in HTML text that is submitted (like this forum for example)?
Peter

www.tamborinedailystar.com

6/22/2011 6:34 PM

servicehost

Joined: 1/29/2009

Posts: 245

Re: Html formatting (N/A)

Hi Peter,

Yes, I am not sure either. It is possible that it is a remnant of an earlier internet time, when security wasn't considered as much, but we recognize that the forum module does currently allow for this.

Chris

Page 1 of 1