Who  What  When
giesen joined #tikiwiki [05:38]
(idle for 3h10mn)
robertokir joined #tikiwiki [08:48]
(idle for 2h12mn)
gour joined #tikiwiki [11:00]
(idle for 26mn)
<luciash> gour: html escaping is needed for security or vandalism reasons unless the plugin would need approval on each edit [11:26]
<gour> luciash: is it possible to disable plugin for anon. users? [11:27]
<luciash> gour: s/unless/otherwise/
<luciash> gour: nope [11:27]
<gour> luciash: that sucks a bit...well, i can try to add https://github.com/webuni/commonmark-attributes-extension to get what i want/need
<gour> i'd prefer to keep my (offline) content in 'pure' markdown markup without too much fiddling with wiki-plugins like DIV/IMG etc. [11:29]
<luciash> gour: "maybe, the plugin can have options to enable/disable html_input ..." <- that would be possible
<luciash> but we can add such enhancements later... now there is not much time and we need to decide mainly if we stick with the current phpleague/commonmark or change to the other one before 20.x is released [11:30]
<gour> luciash: that would be good...i envision the scenario to write the content offline and then copy&paste within Tiki, add links for the images etc. and then-only I can enable html-input
<gour> luciash: based on the feedback i got that the commonmark parser is an example of well-written code, i do vote to stay with your original choice
<gour> michelf/php-markdown seems to lack those html-input/unsafe-links option, while the erusev/parsedown is in a flux (awaiting for 2.0 release) and 'extra' part is not in sync with the dev version [11:32]
<luciash> i see, I read what you wrote above now
<luciash> sounds good to me [11:35]
<gour> privately, however, i'll try to make that 'attributes' extension working with the plugin [11:35]
<luciash> we can stick with what we have and allow for some ůextra" features later
<luciash> "extra" [11:36]
* gour nods
<gour> :thumbs-up:
<gour> i must admit that without your plugin i'd not migrate to Tiki and would either stay with static-site-generators which are problematic when one tries to plumb the holes (search feature, forms etc.) or i'd have to use something like Grav where one has to fight with plugin incompatibilities (https://pluginproblems.com/Modules-Extensions)
<gour> besides 'attributes' extension, now i'll try to tackle things like https://dev.tiki.org/tiki-view_tracker_item.php?trackerId=5&itemId=7088 [11:36]
<gour> luciash: btw, the danger of html_input is for comments only or in general? [11:48]
<luciash> gour: for comments? [11:48]
<gour> luciash: blog comments
<gour> or anyone can do damage to the Tiki instance? [11:49]
<luciash> gour: nope, in general for every Tiki textarea input where wiki syntax and plugins can be used [11:49]
<gour> i see [11:50]
<luciash> it is to prevent breaking your site layout for example, imagine someone would put unclosed html tag in there and you will have a hard time to edit the page then to repair it
<luciash> not impossible to edit that but would be a PITA [11:50]
<gour> ok...ability to enable params in plugin, will be good-enough [11:51]
<luciash> not mentioning JS attempts to damage your site/users [11:52]
(idle for 39mn)
<Jyhem> polom
<Jyhem> html input looks nice because the possibilities are infinite. BUT there are so many issues :-(
<Jyhem> First: it goes against the whole point of markdown. If you know html, theoretically you don't even need markdown. (Note that we already have a HTML plugin)
<Jyhem> Second: site could be defaced like luciash mentioned
<Jyhem> Third: people can embed malware in the page.
<Jyhem> Fourth: it leads to people trying to allow "safe" subsets of html and "filter" the rest which makes the whole thing overcomplicated, impossible to maintain, not intuitive to users (some stuff works, other doesn't), with ugly side effects. Like we have <x>s popping up and destroying content in seemingly random places now [12:31]
<gour> Jyhem: i've got it...however, will try to make that 'attributes' extension work [12:37]
<Jyhem> I think the way this is going is, we will end up having two plugins. One safe one starting with one markdown flavor and ending with a selection of markdown flavors, which can be used by anyone
<Jyhem> Another one which is unsafe which requires content validation and which will allow dangerous stuff.
<Jyhem> That's what was done for pluginR and pluginRR
<Jyhem> One is safe and the other just wraps the other but it allows dangerous and powerful R commands and requires validation
<Jyhem> Some people tried having option-level validation and I think it was confusing users.
<Jyhem> Anyway, +1 to luciash's strategy: get something useful in Tiki20 which can be extended later on.
<Jyhem> bbl [12:38]
<gour> interesting... [12:49]
(idle for 1h5mn)
jonnyb joined #tikiwiki [13:54]
(idle for 1h53mn)
gour joined #tikiwiki [15:47]
(idle for 19mn)
gour_ joined #tikiwiki [16:06]
(idle for 3h6mn)
gour joined #tikiwiki [19:12]
(idle for 2h11mn)
Jyhem_laptop joined #tikiwiki [21:23]
