BBCode, as far as I understand restricts the user to a set of tags to be used in the message. Its not WYSIWYG and most user unfriendly.
If I get this right the CKEditor strips out all the tags except the once allowed. I tested it with a JavaScript alert and it didn't show. So the risk for code insertion should be quite low.
I am new to CKEditor and there might be other reasons not to use it in an forum environment. If so I would really like to know what they are.
As you said BBCode is different from HTML. In the simple case it's just a subset of tags that can be easily mapped to HTML and viceversa, but the problem is that in many forums there are special BBCode tags that aren't mapped to just a single HTML element, so trying to edit them becomes a little more complex, the QUOTE tag is such an example because it typically includes the user name, date, link to the post... but there is no single HTML element that represents all that information in the same way.
Now you just have to include all the possible extensions that are placed in forums and you get something that it's far more complex than the classic HTML.
PS: the fact that a script doesn't run inside the editor doesn't mean that the script is being removed, just that while the page is being edited the scripts doesn't run, but if you save the content and launch that page then the alert will show up. Or you can just try to click the "preview" button.
Re: Why not CKEditor
Re: Why not CKEditor
BBCode, as far as I understand restricts the user to a set of tags to be used in the message. Its not WYSIWYG and most user unfriendly.
If I get this right the CKEditor strips out all the tags except the once allowed. I tested it with a JavaScript alert and it didn't show. So the risk for code insertion should be quite low.
I am new to CKEditor and there might be other reasons not to use it in an forum environment. If so I would really like to know what they are.
Cheers
Re: Why not CKEditor
As you said BBCode is different from HTML. In the simple case it's just a subset of tags that can be easily mapped to HTML and viceversa, but the problem is that in many forums there are special BBCode tags that aren't mapped to just a single HTML element, so trying to edit them becomes a little more complex, the QUOTE tag is such an example because it typically includes the user name, date, link to the post... but there is no single HTML element that represents all that information in the same way.
Now you just have to include all the possible extensions that are placed in forums and you get something that it's far more complex than the classic HTML.
PS: the fact that a script doesn't run inside the editor doesn't mean that the script is being removed, just that while the page is being edited the scripts doesn't run, but if you save the content and launch that page then the alert will show up. Or you can just try to click the "preview" button.
Re: Why not CKEditor