IPB, BBCode, and concerns about it's future

[Ronald Epstein]

Just to offer a return comment...

Using the clipboards to paste the information I wanted did not work.

The editor does not properly format information that has vertical columns.

Worse, when you post something and then go back to edit it, all kinds of HTML crap is introduced into the mix.

This really is a bad editor and I hope IPS is serious about upgrading it.

[Samourai]

Worse, when you post something and then go back to edit it, all kinds of HTML crap is introduced into the mix.

Yup ! I think that's what pisses off my members the most...

[Matt]

Just to offer a return comment...

Using the clipboards to paste the information I wanted did not work.

The editor does not properly format information that has vertical columns.

Worse, when you post something and then go back to edit it, all kinds of HTML crap is introduced into the mix.

This really is a bad editor and I hope IPS is serious about upgrading it.

What you need to do is ask the administrator to enable HTML posting for your member group but you must only enable this for trusted member groups as allowing full HTML posting to be made allows you to post javascript and other items that can be used to leverage an XSS attack. But for admins and moderators, there's no reason you can't have this enabled.

The issue isn't that the editor is broken or adds "all kinds of HTML crap", it's just that it is doing exactly what is asked. It's taking your raw content and stripping out undesirable elements and formatting that can be used to break the board's display and items that we don't have BBCode for (such as tables).

I understand that it doesn't give you the result you want, but it's an important distinction to make.

It's actually very difficult to get the balance right with allowing rich mark-up but denying items that can be used to break the board. For example, it's highly likely that a lot of content that you copy and paste is styled by external CSS which won't be copied across in the text's meta-data. Also, you may find some content has inline styles such as background colour which we strip. We also have to strip "class" attributes to prevent people from copying and pasting IP.Board CSS classes that may disfigure the topic.

If you do see "HTML crap" when you go to edit the post, then that would be a bug and I'd urge you to post a bug report. However, if you DO have HTML posting on and you are seeing the raw HTML code, this is because when HTML mode is used, we disable CKEditor so you have to edit the HTML by hand. The reason we do this is that a substantial number of customers use HTML posting to add in complex ad tracking javascript or complex affiliate links which CKEditor in an attempt to make the content safe strips.

[Samourai]

My members already met this bug without HTML enabled...

But I'll sure make a bug report if they can reproduce it.

[blair]

@Matt with all due respect, HTML crap, BBCode, tables and other annoying content are the lifeblood of forums.

I understand that it doesn't give you the result you want, but it's an important distinction to make.

Somehow along the way we seem to have forgotten that bbcode is short for bulletin board code. That forums grew out of BBS's, or bulletin board systems. Imagine outsourcing the pencil and paper from the college bulletin board? <sarcasm> Pencils and paper aren't important. We're more concerned with how the board looks, how people can take pieces of it home, and how people can share notes with people who aren't at the board. Write on it? How 1990!</sarcasm>. There is a path forward, but it has to honor the bb legacy.

[NewRockRabbit]

I think that the problem with the 3.4 editor goes beyond the BBCode and HTML issue.

I currently use 3.3.1 and the editor works fine for me. All my users want to do enter basic text, paste the odd image and text, and paste in links - no-one posting on my forum uses BBCode or HTML.

But if I update to 3.4, my users will lose the ability to simply copy / paste text, links etc into the editor if my use FF, 25% of my userbase. Now I'm sure there is a way round this, but nothing intuitive. I use a lot of forums and they all allow me to do a simple copy / paste into messages using FF - but not IPB 3.4.

I've reported this as a bug and been told its not a bug but a problem with FF. Be that as it may, its not a problem with 3.3.1 not other forums I use. Whatever the cause, it makes it impossible for me to upgrade to 3.4. This IS a problem with the 3.4 editor.

I think perhaps IPB is trying to create an editor to be all things to all users and this strategy is failing. Maybe IPB need to cover two distinct editors, one with all the BBCode bells and whistles etc and one, simple editor for those forums which need little more than a simple text, copy/paste function.

[Luuuk]

NewRockRabbit,

I don't know why you don't see this in 3.3.x, but I observed this from the very beginning. The Firefox bug you reported was already in 3.2.x when CKEditor was introduced. I recently upgraded from 3.2.3 to 3.4.3 and I don't see any difference in Firefox behaviour. The same problem with a context menu called from blank field (different "website" menu shown and no Copy/Paste options present) in RTE mode. The issue does not exist in BBCode mode.

A side note: these context menu items do not guarantee pasting a content and only one method that works for sure is CTRL+V. CKEditor explains: Cut, Copy and Paste. I think I've seen somewhere in Mozillazine an article how to allow JavaScript access to a clipboard, but it's a security risk anyway.

[NewRockRabbit]

I don't know why you don't see this in 3.3.x, but I observed this from the very beginning. The Firefox bug you reported was already in 3.2.x when CKEditor was introduced. I recently upgraded from 3.2.3 to 3.4.3 and I don't see any difference in Firefox behaviour.

Wierd - I went from 3.14 to 3.3.1 and have never had this problem pasting in FF in the IPB editor nor have any of my users.

Anyway, its such a basic requirement for an editor and FF has such a significant user base, that I'm simply amazed an editor is being used with such a significant usability glitch.

Just looked at my post and it says 3.49 undefined in the quote - where on earth did that come from????

[AndyF]

Just looked at my post and it says 3.49 undefined in the quote - where on earth did that come from????

Ignore that. That's here only due to updates, its just (or was) missing its am/pm indicator I did have a report open on it but local testing did not cause it. :smile:

[Rheddy]

Matt, I have to admit that when you toggle that first icon, that when the WYSIWY editor is turned off that it should naturally default to the HTML editor and not stick with the bbcode formatting. When I first started using 3.0, I found it odd that when you toggled that first icon that it was strange that the post box editor didn't switch to HTML. Is it possible for changing it so that when you toggle that first icon on the top row that instead of the post editor defaulting to bbcode that it actually switch to HTML editing?

[Marcher Technologies]

What you need to do is ask the administrator to enable HTML posting for your member group but you must only enable this for trusted member groups as allowing full HTML posting to be made allows you to post javascript and other items that can be used to leverage an XSS attack. But for admins and moderators, there's no reason you can't have this enabled.

The issue isn't that the editor is broken or adds "all kinds of HTML crap", it's just that it is doing exactly what is asked. It's taking your raw content and stripping out undesirable elements and formatting that can be used to break the board's display and items that we don't have BBCode for (such as tables).

I understand that it doesn't give you the result you want, but it's an important distinction to make.

It's actually very difficult to get the balance right with allowing rich mark-up but denying items that can be used to break the board. For example, it's highly likely that a lot of content that you copy and paste is styled by external CSS which won't be copied across in the text's meta-data. Also, you may find some content has inline styles such as background colour which we strip. We also have to strip "class" attributes to prevent people from copying and pasting IP.Board CSS classes that may disfigure the topic.

If you do see "HTML crap" when you go to edit the post, then that would be a bug and I'd urge you to post a bug report. However, if you DO have HTML posting on and you are seeing the raw HTML code, this is because when HTML mode is used, we disable CKEditor so you have to edit the HTML by hand. The reason we do this is that a substantial number of customers use HTML posting to add in complex ad tracking javascript or complex affiliate links which CKEditor in an attempt to make the content safe strips.

You missed the point Matt.

The exact users that are trying to copy and paste rich formatting including headers and tables into the CKE, the whole reason we even have a WYSIWYG, are NOT going to inspect the page, pull the HTML output, and paste it into the raw CKE HTML mode.

Thinking like a developer indeed. :smile:

[eGullet]

This is an interesting discussion to read, in part due to the particular types of forums which are having problems. On a board for tech-savy users, being able to post in raw BBCode, or raw HTML, can be a useful thing. This has historically certainly been true of the HTML option, since there are things that you simply cannot do in Invision's BBCode implementation (tables, for example). If you wanted a table you HAD to enable ALL HTML for that member group, and expose yourself to all the potential problems that entails.

On a non-tech board like mine, however, I'd love an alternate solution: ONLY the RTE, with no ability to edit the raw code at all, but full support for any of the HTML the editor can deal with. This would mean that my members couldn't insert arbitrary Javascript, or forget to close a tag, since they'd never see anything but a normal WYSIWYG word processor. There would be no way for a bad post to mess up the formatting of the page, or for it to inject malicious JS, etc. Pasting formatted text into the editor would "just work" (at least, the same way it "just works" in MS Word, or in a Huddler board: maybe not 100% perfect, but a far cry better than what we've got now). This is analogous to using MS Word to create a document instead of LaTeX: yes, you have no direct access to the formatting, but it's a LOT easier for non-tech members to use, and it would just let CKEditor do what it is good at.

I guess under the hood what you'd need is something like a "legacy" field attached to each post, and an option on the ACP to disable raw editing (which would automatically enable HTML). The legacy field indicates to the board which method to use when rendering a post: posts made before the switch have it set to true and use the current scheme, and new posts have legacy=false and just display the post however CKEditor has stored it.

[msg]

For those who wonder what CKeditor can do

http://ckeditor.com/demo#full

It is a full feature demo

• Double click the picture on the right
• One nice thing is the show block, it visually show where block are
• I try to cut paste a screen capture and it seems to work fine no more we have to mess with attachment
• The link provide lots more control to where the link should open..

[Marcher Technologies]

This is an interesting discussion to read, in part due to the particular types of forums which are having problems. On a board for tech-savy users, being able to post in raw BBCode, or raw HTML, can be a useful thing. This has historically certainly been true of the HTML option, since there are things that you simply cannot do in Invision's BBCode implementation (tables, for example). If you wanted a table you HAD to enable ALL HTML for that member group, and expose yourself to all the potential problems that entails.

On a non-tech board like mine, however, I'd love an alternate solution: ONLY the RTE, with no ability to edit the raw code at all, but full support for any of the HTML the editor can deal with. This would mean that my members couldn't insert arbitrary Javascript, or forget to close a tag, since they'd never see anything but a normal WYSIWYG word processor. There would be no way for a bad post to mess up the formatting of the page, or for it to inject malicious JS, etc. Pasting formatted text into the editor would "just work" (at least, the same way it "just works" in MS Word, or in a Huddler board: maybe not 100% perfect, but a far cry better than what we've got now). This is analogous to using MS Word to create a document instead of LaTeX: yes, you have no direct access to the formatting, but it's a LOT easier for non-tech members to use, and it would just let CKEditor do what it is good at.

I guess under the hood what you'd need is something like a "legacy" field attached to each post, and an option on the ACP to disable raw editing (which would automatically enable HTML). The legacy field indicates to the board which method to use when rendering a post: posts made before the switch have it set to true and use the current scheme, and new posts have legacy=false and just display the post however CKEditor has stored it.

Just to be 100% honest, this has been the user beef since 3.2.

The editor as it stands is not a WYSIWYG, not *really*, it's been stripped/modified for bbcode compatibility, thus what you see is not what you get when you paste complex formatting like tables .

Conversely, bbcode itself can do something a WYSIWYG cannot. That being taking a short tag one can manage/copy/paste easily, and expanding that into robust HTML. Take Custom bbcodes out, the reason the WYSIWYG is stripped, and you have a large amount of peeved admins.

Catch 22.

[Luis Manson]

Im not sure where the problem with the editor lies, i came to this tread while i was looking for a section to put my rant about the editor, i was translating a long post from a vb forum and also copy/paste some areas

from the begining i had issues with a simple numbered list...i was NO able to do something as simple as a numbered list with empty lines betwheen the list items, i had to switch back and forth between WYSIWYG and source mode and append carriage returns in various places just to add a some lines between text and images, the indent function and maybe some others like to style the text as they want...yes another pain in the a** I wanted to also add something as simple as:

ITEM

sub item

but in my case is just moved all the lines, not just the selected ones...again to add/move code by hand...

At this point i really dont know what the problem is, i know the editor is a complex thing, but every time i want to use more than color/b/i/u/size options i end up toucing the post "source code" a few times, and i rather would like to use that time to make a post, if i wanted to do this stuff i would use a wiki not a forum with a RTE

At this stage im calling the editor WYSI(Not)WYG

Really people, in theory the idea about BBCODE sounded great but dont leave it behind, its a really important thing in forums since long time and compatibility with it should be MUCH bether. if it werent because of content and nexus i would switch back to vb

Now i see Marcher's post...why not an option somewhere called "Old school working mode" where it works in BBC only mode ?

[Ronald Epstein]

For those who wonder what CKeditor can do

We just came from a platform that had CKeditor before we moved here.

100% better than what IPS is using, based on the needs of my site. We are constantly cutting and pasting press releases.

You can cut and paste anything in CKeditor and it retains proper formatting, retains feature-rich text, and will even copy/paste pictures without having to individually upload each one.

The editor on IPS is a huge step backwards. For those sites who just do simple text uploads I am sure it's fine. For those that need to be more dramatic, the editor on IPS is primitive.

I am staying optimistic this will be improved in future versions

[Wolfie]

This would mean that my members couldn't insert arbitrary Javascript, or forget to close a tag, since they'd never see anything but a normal WYSIWYG word processor. There would be no way for a bad post to mess up the formatting of the page, or for it to inject malicious JS, etc. Pasting formatted text into the editor would "just work" (at least, the same way it "just works" in MS Word, or in a Huddler board: maybe not 100% perfect, but a far cry better than what we've got now). This is analogous to using MS Word to create a document instead of LaTeX: yes, you have no direct access to the formatting, but it's a LOT easier for non-tech members to use, and it would just let CKEditor do what it is good at.

Maybe I'm mistaken, but I thought that there were purifiers used that pretty much protected against this and, in a sense, made it so that allowing HTML in posts wasn't as dangerous as it once was.

from the begining i had issues with a simple numbered list...i was NO able to do something as simple as a numbered list with empty lines betwheen the list items, i had to switch back and forth between WYSIWYG and source mode and append carriage returns in various places just to add a some lines between text and images, the indent function and maybe some others like to style the text as they want...yes another pain in the a** I wanted to also add something as simple as:

ITEM

sub item

but in my case is just moved all the lines, not just the selected ones...again to add/move code by hand...

Report it in the tracker.

Really people, in theory the idea about BBCODE sounded great but dont leave it behind, its a really important thing in forums since long time and compatibility with it should be MUCH bether. if it werent because of content and nexus i would switch back to vb

That's like saying you'd prefer to die than to wait out a minor headache.

[Luis Manson]

i cant quote you Wolfie :

About:

That's like saying you'd prefer to die than to wait out a minor headache.

its not a minor headache when one of the basic tools which composes the idea of a forum acts weird (weird because its not fully broken...)

What if the whole way of composing mail messages changes in you client of choice and if you try to use the traditional way It would involve in you looking in mail headers and stuff like that after every few lines you type?

Right after i posted in this thread i got a post from a member complaing just about the same stuff as almost everyone here, and its not the first time, most of us can fix this perks while posting, but not all forum sers know BBcode/HTML and that kind of stuff for working arround editor weirdness

[eGullet]

The editor as it stands is not a WYSIWYG, not *really*, it's been stripped/modified for bbcode compatibility, thus what you see is not what you get when you paste complex formatting like tables .

Conversely, bbcode itself can do something a WYSIWYG cannot. That being taking a short tag one can manage/copy/paste easily, and expanding that into robust HTML. Take Custom bbcodes out, the reason the WYSIWYG is stripped, and you have a large amount of peeved admins.

Absolutely true: my suggestion is that Invision basically make a "clean break" with the past by retaining their old parsing method for old posts (so nothing breaks) but adds a flag to each post in the DB indicating which method to use. Admins who were dependent on custom BBCodes and wanted to continue using them could keep using the legacy editor, but those who didn't need them going forward could switch to a clean, full-featured version of CKEditor without breaking anything already in the database. I'm not familiar enough with CKEditor's backend to know what sort of alternative we could provide for custom BBCodes, but I think ideally just allowing admins to create new buttons in the toolbar that executed whatever JS they wanted (pop up a dialog with some option boxes, etc.) and returned an HTML string as a result would do the trick, right?

[eGullet]

Maybe I'm mistaken, but I thought that there were purifiers used that pretty much protected against this and, in a sense, made it so that allowing HTML in posts wasn't as dangerous as it once was.

I believe this is true as well, but Invision continues to recommend only enabling HTML for "trusted" groups (which basically means mods and admins).

[Wolfie]

i cant quote you Wolfie :

Why not?

its not a minor headache when one of the basic tools which composes the idea of a forum acts weird (weird because its not fully broken...)

So the issue is that it's not fully broken?

I believe this is true as well, but Invision continues to recommend only enabling HTML for "trusted" groups (which basically means mods and admins).

I was sure I had read that but wasn't sure. If it is true, then the recommendation to only allow HTML for trusted groups would be somewhat moot but still a good precaution. After all, why leave the front door unlocked even if there are supposed to be armed guards protecting it?

[eGullet]

I was sure I had read that but wasn't sure. If it is true, then the recommendation to only allow HTML for trusted groups would be somewhat moot but still a good precaution. After all, why leave the front door unlocked even if there are supposed to be armed guards protecting it?

Because if you left it unlocked you would gain all sorts of benefits? OK, OK, the analogy breaks down here :smile: . Enabling HTML posting would have resolved the original poster's issue, I think, allowing CKEditor to do its thing and properly format the pasted content, right?

[Wolfie]

Because if you left it unlocked you would gain all sorts of benefits? OK, OK, the analogy breaks down here :smile: . Enabling HTML posting would have resolved the original poster's issue, I think, allowing CKEditor to do its thing and properly format the pasted content, right?

lol no.. Unlocking a feature, even with safety guards in place, is still dangerous.

[Passion]

what i don't understand is why IPS don't seem to be listening to its customers at all. I like IPB content is unmatched but the editor is a pain to use so many times ive had broken bbcode and had to fix it. Why not just give the customers what we ask for instead of pushing something we don't want even pushing customers to other software. from what ive read no one is happy with this so why keep going with it.

[broni]

what i don't understand is why IPS don't seem to be listening to its customers at all. I like IPB content is unmatched but the editor is a pain to use so many times ive had broken bbcode and had to fix it. Why not just give the customers what we ask for instead of pushing something we don't want even pushing customers to other software. from what ive read no one is happy with this so why keep going with it.

I've been asking the very same question in different topics since 3.2 came out (over a year ago?) and I never got any straight answer.

I don't want to start palm reading but maybe there is some kind of (monetary) deal between IPS and CKEditor people...

I dunno...