Wysiwyg editor security

feihlination

googled for quite some time, didn't find anything small and nice.

i wanna use a wysiwyg editor for a certain project. problem is, it is only really functional if users CAN edit a lot of things. starting from font/bg colours, sizes, bold/italic, tables, images and going as far as audio/video embeds.

really what shouldn't be allowed is some horseshit other html tags and script languages.

i looked into html purifier and i am not sure if it fits the bill and how long it would take me to configure it properly. thing is HUUUGE and kinda slow too. obviously it is what jesus would use if he was a programmer, but idk if it isn't an overkill for me.

also wondered if it was faster to write a "cheap" whitelist myself in PHP?

stuff like this normally was already done. most google results deal with COMPLETE sanitation, like stripping ANY tags for names/passwords and such shit, but i am not necessarily successful finding a small solution that allows wysiwyg-type of input with all the corresponding tags.

maybe it's a long shot, but i know there are a few programmers on here who could give me some tips or at least send me a link or whatever to point me in the right direction.
 
not gonna lie had to google wysiwyg hahaha

but it's kinda hard to understand what you want, probably need more details on the actual assignment

What level programmer are you? i mean you can always build it from scratch but i don't know what your requirements are and whatnot / if you're allowed.

maybe look into microsoft visual studio, i feel like that could easily implement what you need, not exactly a wysiwyg editor but it's pretty close in the one view

 
I just use tinymce

ckeditor looks prettier but i find the end result to contain more tedious markup.
 
what i meant basically was that no matter which editor i use, i have to make sure that the input is not containing some sort of javascript. but i need a high level of functionality on the other hand.

@ the other guy up there:

it's a survey software where customers can create questions/other elements that will be shown to the respondents. now to give the customers full responsibility to edit/customize the elements, i would like to offer them the possibility to include images and videos.

i might forget about the video thing for the first period and make a designated "youtube template" later on.

i just need to find a way to clean the input and strip it of all tags (except styling/design tags) that could pose some kind of problem.

my level of expertise is decent i would say. this project has easily 10,000 lines of code. it's definitely not mega complex but was a lot of work and i built a lot of parts from scratch. i am just not sure whether or not it is worth it

it's kind of specific, thanks for the help but i will now fight my way through customizing htmlpurifier.
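
One way the allow-list discussed in this thread could be configured in HTML Purifier, shown as an added example that is not code from any poster. The function name, the Composer install path, the chosen tag and CSS lists, the YouTube pattern and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumes HTML Purifier was installed
// with Composer (package ezyang/htmlpurifier); adjust the require path otherwise.
require __DIR__ . '/vendor/autoload.php';

function build_survey_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Element/attribute allow-list. Anything not named here (script, object,
    // form, event-handler attributes, ...) is removed from the output.
    $config->set('HTML.Allowed', implode(',', [
        'p[style]', 'span[style]', 'div[style]', 'br',
        'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li',
        'a[href|title]', 'img[src|alt|width|height]',
        'table[style]', 'thead', 'tbody', 'tr',
        'th[style|colspan|rowspan]', 'td[style|colspan|rowspan]',
        'iframe[src|width|height|frameborder]',
    ]));

    // Only the style properties the editor toolbar needs (colours, sizes, bold/italic).
    $config->set('CSS.AllowedProperties',
        'color,background-color,font-size,font-weight,font-style,text-align,text-decoration');

    // Links and images may only point at http(s) URLs.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);

    // Video embeds: iframes are kept only when src matches this pattern.
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', '%^https://www\.youtube\.com/embed/%');

    // Definition caching is off so the example runs anywhere; in production point
    // Cache.SerializerPath at a writable directory instead, which helps with speed.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample of what a WYSIWYG editor might submit.
$submitted = '<p style="color:#c00; position:fixed">Question <b onclick="x()">one</b></p>'
    . '<script>alert(1)</script>'
    . '<a href="javascript:alert(1)">link</a>'
    . '<img src="https://example.com/q1.png" alt="chart" onerror="x()">'
    . '<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>';

// Store and render only the purified string, never the raw submission.
echo build_survey_purifier()->purify($submitted), PHP_EOL;
```

Purify on the server when the input is saved (or when it is rendered), since the editor's own client-side filtering can be bypassed by posting directly to the form handler.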

 