Comments Submission

I continued to my Blog development. In the comments text area of comments submission, my original implementation did NOT allow any HTML tag. It was mainly due to security reasons. However, this made the text of comments looks dull. I think it is better to allow some simple formatting tag e.g. <p>, <b>, <i>....

After did some survey on the web, I found the most popular technology is BBCode. BBCode defines a set of tags in form of "[xxx]" which will be converted to HTML tags. For example, "[b]bold text[/b]" is converted to "<b>bold text</b>". There are several free BBCode parsers available. It is convenient to deploy this technology.

One disadvantage of BBCode is not user-friendly. Users need to learn a new set of code. I thinks it is better to have a WYSIWYG editor. Unfortunately, I cannot find any web-based WYSIWYG editor for BBCode.

On the other hand, I found some open source web-based WYSIWYG HTML editors. It is great! I have tried the Cross-Browser Rich Text Editor and it works well in both Firefox and IE.

However, it is not secure to accept all HTML tags. On server side, it should filter out some dangerous tags, e.g. , .... There already exist some HTML filters. One of them is safehtml. Finally, I decided to use the WYSIWYG HTML editor plus HTML filter.