Forum issue: forum uses 5 year old version of CLEditor

GordonMcComb

In researching the HTML editor used with Vanilla, I discovered the version being used is an old and deprecated one, first released almost five years ago. There have been numerous bug fixes since then, including some that may effect security.
A later version may address some of the functional issues users have been experiencing.

Jim Ewald

I am sure that a later version does address a few issues related to WYSIWYG. The Vanilla folks are looking for someone to take over maintenance of that plugin. We appear to have several members who have the chops to do this. Perhaps someone can volunteer to help them out.

GordonMcComb

I volunteer Heater! He loves JavaScript. I loathe it.

Heater.

Love JavaScript.
Hate HTML, CSS, the browser DOM and jQuery.
No doubt if I messed with cleditor it would end up a worse security  problem than it is now,
Anyway, when to comes to the security of the thing, that has to be taken care of in the input sanitizing on the server end. One should never trust that the client side JS for that.
Presumably that is PHP and I would rather not go anywhere near that nightmare.   

bobjr

It seems to me that Vanilla ditched cleditor, and switched to "Advanced Editor" on February 28, 2015 (https://github.com/vanilla/vanilla/commits/master/plugins/editor).I don't know if Parallax is using the open source or the paid version, though I would assume the later, and it may just be that far behind. Any idea on how to figure out the version of Vanilla being used?

Heater: I completely disagree! PHP is my prefered language for web server stuff, and anything js I call up a friend.

Jim Ewald

It does look like they have made progress on the editor plugin. When we last looked at it, it was nowhere near ready for deployment. We will drop it into one of our dev systems and take it for a spin, so to speak.

bobjr

When you do, let us/their issues tracker know what problems you find! I will gladly contribute if I know where it needs attention.