| <?xml version="1.0" encoding="UTF-8"?> |
| |
| <!-- |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| --> |
| |
| <ui:composition template="/main.xhtml" |
| xmlns="http://www.w3.org/1999/xhtml" |
| xmlns:tc="http://myfaces.apache.org/tobago/component" |
| xmlns:ui="http://java.sun.com/jsf/facelets"> |
| |
| <tc:section label="A WYSIWYG HTML Editor"> |
| <p> |
| You can embed HTML editor in Tobago easily, |
| but there is no HTML editor component in Tobago. |
| The reason is, there a many web-based editors in the web available, with different |
| licences, different features (and different bugs). |
| </p> |
| <p> |
| So Tobago should not implement it's own HTML editor. |
| But Tobago may embed an existing editor. Such an editor needs to comply with these requirements: |
| </p> |
| <ul> |
| <li>License must be compatible with the Apache 2.0 license.</li> |
| <li>Should be easy to integrate.</li> |
| <li>Should have many features.</li> |
| <li>Should have few bugs.</li> |
| <li>Must be compatible to CSP (Content Security Policy).</li> |
| </ul> |
| <p> |
| Unfortunately we didn't found the <em>perfect</em> editor. |
| </p> |
| <p> |
| But that doesn't matter. You can choice you favorite editor and integrate it in your application. |
| In this application there are two editors embedded as an example. |
| </p> |
| <ul> |
| <li><tc:link label="TinyMCE" link="https://www.tinymce.com/" target="_blank"/></li> |
| Is using LGPL license. |
| <li><tc:link label="CKEditor" link="http://ckeditor.com/" target="_blank"/></li> |
| Doesn't work with CSP activated. |
| There is an issue #8584 in the |
| <tc:link link="https://dev.ckeditor.com/ticket/8584" target="_blank" label="issue tracker"/> |
| of the project. |
| </ul> |
| </tc:section> |
| <tc:section label="About Security"> |
| <p> |
| The application should be protected against invalid or malicious HTML content. |
| If the application uses an HTML editor in the browser, an attacker is able to modify the clean code |
| and submit malicious code. |
| That must be checked on server side! |
| </p> |
| </tc:section> |
| </ui:composition> |