This project has moved and is read-only. For the latest updates, please go here.

CKEditor 3.0 ?

Sep 17, 2009 at 6:38 PM

Stephen,

Just wanted to start by saying thanks for all your work on Ticketdesk.  It's really a great application we've been using it for ~6months and have been happy... 

Just wanted to comment on the latest build and the new editor.  While I completely understand why you switched editors, as we've also run into the issue where the HTML in the emails blows up for some reason, I can't say I'm overly thrilled with the Markdown editor...  Now, it's not that I don't like Markdown...  Actually, I really like the concept..  It's just that it seems to be a step backwards.

First off, copy and paste into the Markdown editor is nowhere near as good.  All formatting is lost when copying from web pages or Word docs...  Things like tables, or items from Excel, which copied as HTML tables in fckeditor just copy as a mash of plain text in Markdown.  It really just creates a mess in most copy / paste operations.  (and yes, I know that these copy paste operations are often what caused the HTML in the email notices to blow up...)  The mess that can come from pasting text from a web page or some other app is really just intolerable (paragraphs all run together, lists get turned into an string of words on the same line, etc)... 

Second, Markdown is confusing for end users.  End users have gotten too used to WYSIWYG editors....  For example: the concept of having to end paragraphs with two spaces is confusing and / or easy to forget...  Either that, or users have to remember to hit Enter twice at the end of their paragraph.   When a user hits the Bold button, they expect to get Bold text, not four asterisks for them to type between... 

I'm not saying that end users can't be trained...  But their tolerance for learning a "special" markup language just to report trouble is not going to be high.

Personally, I'd rather live with the HTML-email-blowup quirk of FCKeditor than Markdown. The end user experience is so much better when filing and responding to tickets.  On that note, have you looked at CKEditor 3.0 (renamed FCKeditor, http://ckeditor.com/) as the replacement instead?  Maybe they fixed the bug that blows up the HTML email? What about the editor that Codeplex uses for these comments (don't know what it is, but it seems to work well) ?

Thanks for taking the time to listen. 

Sep 18, 2009 at 5:24 AM

The input is very much appreciated, and if you have more please post it up.

Once of the minor goals with using a markdown based editor in this release of TicketDesk was to gather some experimental information about end-user acceptance for this kind of editor. Of course the major reasons for replacing the FCKEditor in the first place were purely technical.

There are four major problems I am trying to address:

  1. The FCKEditor in TicketDesk 1.x has problems, especially with IE 8, where submitting a form sometimes omits the editor's text. My own users have been very vocal about how having to re-type their information makes them feel :P
  2. HTML editors in general all suffer from serious issues with copy/paste HTML and the damage that can do to the site's formatting or functionality. 
  3. Then there are script injection attacks. TicketDesk was designed for internal use where the risk level is "unlikely" and the impact would be "minor to moderate", but there are many people requesting that TicketDesk better handle external users scenarios. In those cases script injection risks rise to "highly probably" and impact becomes "severe".
  4. And the final problem is that the ajax support in webforms using update panels and the ajax control toolkit are... well... crap. When I picked FCKEditor a year and a half ago, I did so because none of the 7 other open source editors I preferred more would work with the ajax stuff.  I like FCKEditor, but not for end-user facing systems. It is too big, too slow, and I end up turning off 90% of the features anyway. I love the FCKEditor for admin tools and applications where the users are technically competent and there is a strong need for full featured editing with all the extras.

So basically, for TicketDesk 1.2.3 I was in a pickle... I needed a fast solution, especially to problem #1 (submit losing the comments), but I needed something that didn't require that I re-code the entire UI to work around the anti-social behavior with ajax and the toolkit. 

I also had been considering MarkitUp with Markdown (or the WMD editor variant that stackoverflow uses) for quite a while. Markdown as a syntax eliminates almost all of the problems from copy/paste formatting and script injection (when combined with an HTML sanitizer).  And since the MarkitUp! editor itself is very simple, it plays well even with the Ajax Toolkit. 

I'd have preferred to use the WMD editor... I like the UI behavior a lot better, but WMD is a mess and also hates the ajax and toolkit stuff in webforms. It also doesn't look like WMD code base will be getting developed any further either.  

When debating this I did asked for input both my own users as well as a couple of the larger companies using TicketDesk. They mostly indicated that the help-desk would be comfortable with markdown. Most also indicated that end users didn't really need many formatting features. An analysis of my own database of 5000 or so tickets from 100 or so users showed that nearly ALL of the HTML was from cut/paste, and that very little of that HTML was really necessary. Course they don't paste in tables or stuff from Excel much either. 

There was a lot of concern over the loss of copy/paste from word documents and email, but most agreed that users could attach heavily formatted documents instead... especially given the problems copy/paste had been causing.

It was NOT a unanimous opinion by any means, and none of us had any real data on end-user acceptance for markdown or similar syntaxes. There is a lot of acceptance generally among technically advanced users, but as far as I know no one has used it for any end-user facing products yet.

Since I have plans to increase the scope of TicketDesk 2.0 to include those hotly requested external user scenarios, markdown also seemed a good option to avoid script injection issues.

anyway... enough about the why and how.

If you want to continue using the rich HTML eidtor, just stick with TicketDesk 1.2.2. There is nothing really significant in 1.2.3 other than the new editor and it isn't looking likely that I'll do a 1.3 version. Instead,  TicketDesk 2.0 is likely to be the next release version.

For TicketDesk 2.0 I'm currently working with the markdown editor, but I am planning to revisit the rich HTML editors too. I want to enable the admin to choose which to use. Since 2.0 sits on the ASP.NET MVC framework, we shouldn't have the problems with compatibility like we had with webforms update panels and the toolkit.

What I plan to do in 2.0 is find an HTML editor with a smallish feature set then use a white-list based HTML sanitizer to heavily limit the HTML that is allowed. Hopefully when users do their copy/paste best to kill the app, the sanitizer can limit the damage. I also plan to allow an option of "no editor"... especially for those external use scenarios where giving HTML editors is too risky and markdown too "unusual" for the end-users.

But after having forced markdown on my own users (which was actually a lot easier than I expected) and having seen how well it is working out here, I know that my own shop will likely want to continue using markdown... if nothing else, it keeps that "one user" we have from using really horrible font and color combinations... which has made several people VERY happy. 

I'm also planning to dig into the javascript for MarkitUp! and see about hacking in a few behavior changes. The one I want most is to have the editor handle line and paragraph wraps the same way most of the HTML editors do  (CTRL + ENTER or SHIFT + ENTER for a line wrap,  and ENTER alone for paragraph break). 

Anyway... any suggestions or input is greatly appreciated so if you have other ideas please bring them on!

 

 

 

 

 

 

Sep 18, 2009 at 5:15 PM

Stephen,

As always, thank you for your level headed, well reasoned and well thought out response...

1) I agree with you that the issue with fckeditor blowing out responses on tickets is extremely annoying.  It's the primary reason I always have ticketdesk open in a Firefox window.  We've found other internal web applications that also have quirks with IE8, which is one reason we haven't deployed IE8 widely yet.  I wish we could check Ticketdesk off that list and keep the rich editor.  :) 

Aside: I swapped to FCKeditor 2.6.4.1 (I think you had 2.6.3?) and it doesn't resolve the IE8 issue.  There's still nothing in the CommentText= field in the POST when the app fails to take a comment. It's like IE8 just ignores the editor.

 

2) I think Ticketdesk does a great job handling copy & pasted HTML.  The only issue I've ever run into in this regard is the email notifications that occasionally blow up.  I haven't been able to exactly hunt down which tags blow up the notifications though.  It's something within the email generation code that just bombs out... (Any idea?)

3) I agree script injection is a big concern.  It's especially important as you allow external access.  However, fckeditor and other HTML / WYSIWYG editors are used in other open apps... I've primarly used them in DotNetNuke...  Maybe you can borrow the script cleaning code from DNN?  <wink>

4) I can't begin to comment in depth on AJAX... as I've mentioned around here before, I'm a hack at programming, and even that's being generous to my skills.  ;)

AH well, I'd write more, but I have to go do "other" real work....  For now I'll stick with TD 1.2.2...  Having a choice of editors in TD 2.0 would be fantastic.   If you need someone to help test, we've got about 300 users, using AD integration, and have generated 996 tickets since April.  Small, but almost mid-size user of the app....  :)

Peace.