[Tickets #12599] Re: ckeditor update

noreply at bugs.horde.org noreply at bugs.horde.org
Fri Aug 23 09:29:04 UTC 2013 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12599
------------------------------------------------------------------------------
  Ticket             | 12599
  Updated By         | l.kiraly at madalbal.hu
  Summary            | ckeditor update
  Queue              | IMP
  Version            | Git master
  Type               | Bug
  State              | Not A Bug
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


l.kiraly at madalbal.hu (2013-08-23 09:29) wrote:

>>> Yes it does.  I can verify dragging/pasting images work just fine in IMP.
>>
>> For me it doesn't work. If I copy an image to the clipboard, and
>> paste to the composing field, I got only this in the html source:
>
> Works fine for me.  You must use the paste button (not the paste  
> plain text button).

I tried with CTRL-V, drag&drop, pushing the "paste from word" button.
None of them work, but in the same site all method work with the  
installed ckeditor.

Can cause it an IMP setting?
I enabled firebug during the operation, but no error appeared. Nothing  
happened.

>>> We disable pasting non-plain text for various security and resource
>>> limitation reasons.

Yes, security could be a problem if the user copy from foreign sites.
In my case, the user copy only from our site so it isn't a problem.
Because of this restriction the usability is drastically reduced.
The user have to save contents to the disk, than attach each, even  
it's only a simple html snippet.
It increases the working time a lot, and in a html formatted mail it's  
nonsense to attach html contents.

>> It's a work performance killer.
>> Can you please at least make this optional, with a setting?
>
> No.  But its open source software so you can feel free to edit as  
> you see fit and open security holes and allow users to bypass ALL  
> resource restrictions if that's what you want.

The security hole is the USER in this case.

Assume there is a html table with harmful elements, what the user have  
to send to his partner.

In this case, he will do that, because he doesn't know, there is a  
harmful content that he doesn't see.
He only have a task that he has to do somehow. So if he can't paste,  
he will attach it.
He won't paste it as a clear text because this table will be  
unreadable and useless.
Will you win, and prevent infecting the receiver's computer? No,  
because the receiver also needs the information of this content, and  
he will open the attachment.

You only hardened the usability of IMP.


About changing the software: Yes I can change it, but what about the  
future maintenance?
In every update I have to check inconsistency.
You do not want me to do that?

More information about the bugs mailing list