[05:38] giesen joined #tikiwiki
[08:48] robertokir joined #tikiwiki
[11:00] gour joined #tikiwiki
[11:26] luciash gour: html escaping is needed for security or vandalism reasons unless the plugin would need approval on each edit
[11:27] gour luciash: is it possible to disable plugin for anon. users?
[11:27] luciash gour: s/unless/otherwise/
[11:28] luciash gour: nope
[11:29] gour luciash: that sucks a bit...well, i can try to add https://github.com/webuni/commonmark-attributes-extension to get what i want/need
[11:29] gour i'd prefer to keep my (offline) content in 'pure' markdown markup without too much fiddling with wiki-plugins like DIV/IMG etc.
[11:30] luciash gour: "maybe, the plugin can have options to enable/disable html_input ..." <- that would be possible
[11:31] luciash but we can add such enhancements later... now it is not much time and we need to decide mainly if we stick with the current phpleague/commonmark or change to the other one before 20.x is released
[11:32] gour luciash: that would be good...i envision the scenario to write the content offline and then copy&paste within Tiki, add links for the images etc. and then-only I can enable html-input
[11:33] gour luciash: based on the feedback i got that the commonmark parser is an example of well-written code, i do vote to stay with your original choice
[11:34] gour michelf/php-markdown seems to lack those html-input/unsafe-links option, while the erusev/parsedown is in a flux (awaiting for 2.0 release) and 'extra' part is not in sync with the dev version
[11:35] luciash i see, I read what you wrote above now
[11:35] luciash sounds good to me
[11:35] gour privately, however, i'll try to make that 'attributes' extension working with the plugin
[11:36] luciash we can stick with what we have and allow for some ůextra" features later
[11:36] luciash "extra"
[11:36] * gour nods
[11:36] gour :thumbs-up:
[11:38] gour i must admit that without your plugin i'd not migrate to Tiki and would either stay with static-site-generators which are problematic when one tries to plumb the holes (search feature, forms etc.) or i'd have to use something like Grav where one has to fight with plugin incompatibilities (https://pluginproblems.com/Modules-Extensions)
[11:41] gour besides 'attributes' extension, now i'll try to tackle things like https://dev.tiki.org/tiki-view_tracker_item.php?trackerId=5&itemId=7088
[11:48] gour luciash: btw, the danger of html_input is for comments only or in general?
[11:48] luciash gour: for comments?
[11:49] gour luciash: blog comments
[11:49] gour or anyone can do damage to the Tiki instance?
[11:49] luciash gour: nope, in general for every Tiki textarea input where wiki syntax and plugins can be used
[11:50] gour i see
[11:50] luciash it is to prevent breaking your site layout for example, imagine someone would put unclosed html tag in there and you will have hard time to edit the page then to repair it
[11:51] luciash not impossible to edit that but would be a PITA
[11:51] gour ok...ability to enable params in plugin, will be good-enough
[11:52] luciash not mentioning JS attempts to damage your site/users
[12:31] Jyhem polom
[12:31] Jyhem html input looks nice because the possibilities are infinite. BUT there are so many issues :-(
[12:33] Jyhem First: it goes against the whole point of markdown. If you know html, theoretically you don't even need markdown. (Note that we already have a HTML plugin)
[12:33] Jyhem Second: site could be defaced like luciash mentioned
[12:33] Jyhem Third: people can embed malware in the page.
[12:36] Jyhem Fourth: it leads to people trying to allow "safe" subsets of html and "filter" the rest which makes the whole thing overcomplicated, impossible to maintain, not intuitive to users (some stuff works, other doesn't), with ugly side effects. Like we have s popping up and destroying content in seemingly random places now
[12:37] gour Jyhem: i've got it...however, will try to make that 'attributes' extension work
[12:38] Jyhem I think the way this is going is, we will end up having two plugins. One safe one starting with one markdown flavor and ending with a selection of markdown flavors, which can be used by anyone
[12:39] Jyhem Another one which is unsafe which requires content validation and which will allow dangerous stuff.
[12:40] Jyhem That's what was done for pluginR and pluginRR
[12:40] Jyhem One is safe and the other just wraps the other but it allows dangerous and powerful R commands and requires validation
[12:42] Jyhem Some people tried having option-level validation and I think it was confusing users.
[12:43] Jyhem Anyway, +1 to luciash's strategy: get something useful in Tiki20 which can be extended later on.
[12:45] Jyhem bbl
[12:49] gour interesting...
[13:54] jonnyb joined #tikiwiki
[15:47] gour joined #tikiwiki
[16:06] gour_ joined #tikiwiki
[19:12] gour joined #tikiwiki
[21:23] Jyhem_laptop joined #tikiwiki