wysiwyg... or something like that.
#11
Oh, you mean enabling some html tags? Aah, so which ones? I guess:

b, i, u, ol, ul, li, center (div?), a, ... ?

Any others? Are they a security risk?
Reply
#12
Having HTML enabled on a forum like this is a tremendous security risk.
I'd knock on wood, but my desk is particle board.
Reply
#13
Not formatting tags. But with stuff like <li> you could do some damage if you're not careful.

I think the best way is to convert html to bbcode before it's disabled. That removes the security risk almost entirely, though it increases the rendering time a *very* small fraction.

IE tends to generate <STRONG>, <EM>, <U>, <STRIKE> for formatting.

Mozilla tends to use <span style="font-weight:bold">, etc., but does use them separately so you can detect it like that. If you want, I can send a version with "useCSS" turned off. In this case, it generates <B>, <U>, <I> and nothing else different from IE.

If you want a version with a source view button for testing, I'd be glad to make you one.
Reply
#14
Hmmm, you're confusing me here. What you're saying as an order of events is:

User loads editor
User writes stuff
User sends page
HTML generated by user's browser for the formatting is converted to bbcode
Post stored in database

--

Post retrieved by database
Post formatted
Post displayed

Yes? So the editor is used to create text with embedded HTML, and I'll just have to convert that embedded html into bbcode rather than just running it through htmlentities.

If that's so, that's easy enough. But what happens if they put a <tag> into the editor? For example, if I'm posting HTML code?
Reply
#15
Maybe... here's the HTML generated by each browser, that I can observe:

Quote:
MOZILLA GENERATES:
------------------
<b>...</b>
<i>...</i>
<u>...</u>
<strike>...</strike>
<font face="...">
<font size="...">
<font color="...">
<sub>...</sub>
<sup>...</sup>
<blockquote>...</blockquote>
<ol>...</ol>
<ul>...</ul>
<li>...</li>
<a href="...">...</a>
<img src="...">
<div align="...">...</div>


IE GENERATES:
-------------
<STRONG>...</STRONG>
<EM>...</EM>
<U>...</U>
<P align=...>...</P> <- For every line break!!
<DIV align=...>...</DIV>
<OL dir=ltr>...</OL>
<UL>...</UL>

<LI>
<DIV align=...>...</DIV></LI>

<FONT[ face=...][ size=...][ color=...]>...</FONT>
<A HREF="...">...</A>
<IMG SRC="...">...</IMG>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">...</BLOCKQUOTE>
<SUB>...</SUB>
<SUP>...</SUP>

You could probably get away with mozilla code by doing a bunch of regexes, but IE's would be a bitch to regexize.

I'll tell you what. I'm going to completely rewrite the button functionality of my scripts, and use each browser's [text]range object to insert the html myself, so the code matches. It might up the code a little bit, but what's a kilobyte or two? Plus, I can create buttons for some of the oddball bbcodes like "quote". To implement that "quote" and edit buttons the javascript would have to convert bbcode both ways, which I can implement.

Speaking of which, since the iframe isn't a form object, we might have to do a little work together to implement it all.

(PS... You want to continue this via PM?)
Reply
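
The HTML-to-bbcode step discussed in posts #13 to #15, as an added example that is not part of the original thread or the forum's own code: an allowlist converter that maps the tags listed above to bbcode, drops every other tag and every attribute except an http/https href or src, and leaves typed markup (which the editor sends as entities) as plain text. The bbcode names are assumptions, and so is the display path: the stored post is assumed to be HTML-escaped before bbcode is expanded, and the conversion is assumed to run on the server, since the browser's output cannot be trusted.

```javascript
// Added example (constructed): allowlist HTML -> BBCode conversion of editor output.
// BBCode names ([b], [url=], [quote], [list], [*]) are assumptions, not the forum's own.
const SIMPLE = new Map(Object.entries({ b: 'b', strong: 'b', i: 'i', em: 'i', u: 'u',
  strike: 's', sub: 'sub', sup: 'sup', blockquote: 'quote', ol: 'list=1', ul: 'list' }));
const ENTITIES = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&amp;': '&' };
const SAFE_URL = /^https?:\/\/[^\s"'<>\[\]]+$/i;

// Single-pass decode, so "&amp;lt;" becomes "&lt;" and is never decoded twice.
const decode = (s) => s.replace(/&(?:lt|gt|quot|amp);/g, (e) => ENTITIES[e]);

// Read one attribute; values may be quoted (Mozilla) or bare (IE). Returns the
// decoded URL only if it passes the http/https allowlist, otherwise null.
function safeUrlAttr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  const url = m ? decode(m[1] || m[2] || m[3] || '') : '';
  return SAFE_URL.test(url) ? url : null;
}

function convertTag(tag, links) {
  const [, close, rawName, attrs] = /^<(\/?)([a-z][a-z0-9]*)([^>]*)>$/i.exec(tag);
  const name = rawName.toLowerCase();
  const code = SIMPLE.get(name);
  if (code) return close ? `[/${code.split('=')[0]}]` : `[${code}]`; // attributes dropped
  if (name === 'li') return close ? '' : '[*]';
  if (name === 'br' || (name === 'p' && close)) return '\n';
  if (name === 'a' && close) return links.pop() ? '[/url]' : '';
  if (name === 'a') {
    const href = safeUrlAttr(attrs, 'href');
    links.push(href !== null); // remember whether the matching </a> needs [/url]
    return href !== null ? `[url=${href}]` : '';
  }
  if (name === 'img' && !close) {
    const src = safeUrlAttr(attrs, 'src');
    return src !== null ? `[img]${src}[/img]` : '';
  }
  return ''; // not on the allowlist (script, iframe, span, font, div, ...): dropped
}

// Tags are converted first; only the text between them is entity-decoded, so
// markup the user typed (sent by the editor as &lt;tag&gt;) stays plain text.
function htmlToBbcode(html) {
  const links = [];
  return html.split(/(<\/?[a-z][^>]*>)/i)
    .map((part, i) => (i % 2 ? convertTag(part, links) : decode(part))).join('');
}
```
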
#16
OK, via PM.
Reply

