[Drupal] drupal meetup today @ 3pm

Little, Jason little.129 at osu.edu
Wed Jan 7 17:13:54 EST 2015


> Did you get a chance to talk about CKEditor at the last meeting?

A little. I don't think there was any solution to the class stripping issue. That said, there might be two separate problems.

I think fisher was having a problem with the wysiwyg_filter module which, if memory serves, was stripping classes that begin with a hyphen. Apparently, "-1class-name" is invalid but "-class-name" is valid and wysiwyg_filter doesn't handle that correctly. There's an older issue that discusses this a little here and a dated patch.
https://www.drupal.org/node/835202

htmlpurifier and to a lesser extent htmlawed might be legit alternatives to wysiwyg_filter as they do similar things.
https://www.drupal.org/project/htmlpurifier
https://www.drupal.org/project/htmlawed

We used purifier in 6 but adopted wysiwyg_filter as the more standard solution in 7. purifier is a lot more complex.

CKEditor's ACF filters are a different matter. I think we turn it off, as does ODEE based on their UCR code. In our case I think we hit some issues with media. If you wanted to do the same, it's under the wysiwyg profile under "cleanup and output". In the same place you can specify what content is allowed.

The ACF announcement (http://ckeditor.com/blog/CKEditor-4.1-RC-Released) says it's not security related so I assume they prevent XSS attacks some other way. That said, there are some usability gains to getting it configured right.

Incidentally, we keep our text formats and wysiwyg profiles here
https://code.osu.edu/openosu/osu_text_format
https://code.osu.edu/openosu/osu_wysiwyg

And ODEE has a lot of good code in their group.
https://code.osu.edu/ocio_odee_web/ocio_wysiwyg

WYSIWYG and text format configurations tend to be tightly coupled to site decisions (like media or linkit) so they may not work well out of context.

Speaking of linkit, it has a security announcement/release for an XSS vulnerability today. I know that's a pretty popular one.

Best,
Jason
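
The class-name rule mentioned in the message above (one leading hyphen is allowed, a hyphen followed by a digit is not), shown as an added example that is not part of the original post and is not wysiwyg_filter's code. It assumes the CSS 2.1 identifier grammar restricted to ASCII (escapes and non-ASCII omitted); the function names and the wildcard rule format are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# CSS 2.1 identifier, ASCII subset (assumption: escapes and non-ASCII omitted):
# at most one leading hyphen, then a letter or underscore, then letters,
# digits, underscores or hyphens.
CSS_IDENT = re.compile(r"-?[_a-zA-Z][_a-zA-Z0-9-]*\Z")


def is_valid_class(name):
    """True if name is a syntactically valid class identifier."""
    return CSS_IDENT.match(name) is not None


def filter_class_attr(value, allowed_patterns):
    """Split a class attribute value into (kept, dropped).

    A class is kept only if it is a valid identifier AND matches one of the
    allowlist patterns (shell-style wildcards, a hypothetical rule format).
    """
    kept, dropped = [], []
    for name in value.split():
        ok = is_valid_class(name) and any(
            fnmatchcase(name, pat) for pat in allowed_patterns
        )
        (kept if ok else dropped).append(name)
    return " ".join(kept), dropped


if __name__ == "__main__":
    # Constructed sample input, not taken from any real site.
    allowed = ["-*", "align-*", "_note"]
    sample = 'align-left -class-name -1class-name --x 9lives _note bad"quote'
    kept, dropped = filter_class_attr(sample, allowed)
    print("kept:   ", kept)
    print("dropped:", dropped)
```

The "-*" rule matches both "-class-name" and "-1class-name", so only the grammar check separates them; checking the syntax before the allowlist keeps valid hyphen-prefixed classes without letting malformed tokens through.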

________________________________
From: Drupal [drupal-bounces at lists.osu.edu] on behalf of Hoover, Ellen [hoover.5 at osu.edu]
Sent: Tuesday, January 06, 2015 10:59 AM
To: Drupal users list
Subject: Re: [Drupal] drupal meetup today @ 3pm

Happy new year all,

Did you get a chance to talk about CKEditor at the last meeting? Did anyone find a solution to the class stripping issue?

Thanks,

Ellen

Open Discussion
Possibly apache solr, wysiwyg/ckeditor
Thursday, Dec 18th @ 3pm
Bolz 230 on main campus

There will be plenty of cupcakes.

Best,
Jason Little
Engineering

________________________________
From: Little, Jason
Sent: Thursday, December 11, 2014 9:13 AM
To: drupal at lists.service.ohio-state.edu
Subject: drupal meetup | reschedule

The monthly Drupal meetup would normally be today.

However, I didn't get any of our regular main campus rooms booked in time (sorry) and a number of us had a conflict come up.

So instead, we'll do the meetup next week at the usual time. I've tentatively reserved Bolz 230 on main campus.

Open Discussion (probably search and solr too)
Thursday, Dec 18th @ 3pm
Bolz 230 on main campus

Sorry for the inconvenience and last minute reschedule. I'll bring some holiday snacks next week to make up for it.

Best,
Jason Little
Engineering