I have forgotten
my Password

Or login with:

  • Facebookhttp://facebook.com/
  • Googlehttps://www.google.com/accounts/o8/id
  • Yahoohttps://me.yahoo.com
Index » General » Open Forum »

URL vs. non-URL enocding

kreut\′s Photo
6 Sep 11, 10:41PM
(5 replies)
URL vs. non-URL enocding
Hello!

I have a question about the way that you guys encode formulas through your TinyMCE plugin. Basically, they're not URL encoded at present. Might there be a reason for this? I guess I'm trying to understand why on the Codecogs site there's even an option for non-URL encoding since it seems like URL encoded links are the correct way to go?

Thank you for your continued work on this project.

-Eric
CodeCogs\′s Photo
8 Sep 11, 2:21AM
Technically yes you can do URL encoding and everything will work perfectly. As you probably realise our rendering engine will accept URL encoding.

There are only two real reason we haven't used it:
  • If users want to edit the source code, non ULR-encoded equations (with some care for a few special characters) are easily read and understood. On the other hand you would be a very special person if you could read URL-encoding straight off. But this does raise the question, how many people use a WYSIWYG editor but subsequently also edit the HTML source?
  • our Non-URL encoding is actually shorter, on average.

Obviously, we have to encode certain components, which broadly consists of:
  • space -> &space;
  • plus -> +

It sounds like it would be good if we added this as an option within the plugin: to use URL encoding or not.

Thanks for the good question,

Will
kreut\′s Photo
9 Sep 11, 2:35PM
Will,

Thanks so much for your thoughtful response. I came across the issue because I was using htmlpurifier and it converted my links to proper URL coding; I agree that it's tougher to read, but I can't imagine why someone would want to edit the link in the html as opposed to just going back to the super cool WYSIWIG editor. Along the same theme, htmlpurifier wreaks havoc on my equations with "<" and ">" symbols to prevent attacks (it zaps them!). From a security standpoint, might it prudent, regardless of whether you add the url encoded option, to encode these two potentially dangerous characters on the Codecog side of things?

On another note, I'm in the process of beta testing a website (that I think I may have mentioned to you in an email many months ago), called www.myalgebrabook.com. I use Codecogs as the math coding both within the online book in addition to my TinyMCE integration which allows people to add practice algebra questions to my database. After beta testing (it should be fully ready by December), I plan on purchasing the yearly license from Codecogs, as I look forward to a long term use of the site.

Keep up the good work!

-Eric Kean author/creator www.myalgebrabook.com
kreut\′s Photo
9 Sep 11, 10:53PM
Update:

Will,

i have to admit that I kind of flail around in my javascript but I dug a bit into editor_plugin.js hoping to solve the issue myself; again, if one uses htmlpurifier, the < and > get zapped out of the url which isn't so hot. Anyway, at the bottom of the script I added a couple of lines.

Originally you had:
TinyMCE_Add = function( name )
{
	var sName = name.match( /(gif|svg).latex?(.*)/ );
	var latex= unescape(sName[2]);
	latex = latex.replace(/@plus;/g,'+');
	latex = latex.replace(/&plus;/g,'+');
	latex = latex.replace(/&space;/g,' ');

Then, I added the next 3 lines to url encode:
sName[2] = sName[2].replace('<','%3C');
	sName[2] = sName[2].replace('>','%3E');
	name ='http://latex.codecogs.com/gif.latex?'+sName[2];

Now the name below should have url encoded > and <. Because they're url coded here, when one posts the field and runs it through htmlpurifier, they won't be deleted as potentially harmful characters.

tinyMCE.activeEditor.execCommand('mceInsertContent', false, '<img src="'+name+'" alt="'+latex+'"  />');

Also, the last line in the file was:
tinyMCE.execCommant('mceFocus', false, tinymce.activeEditor.editorId);

whereas I believe that the intended code was (Command instead of Commant):

tinyMCE.execCommand('mceFocus', false, tinymce.activeEditor.editorId);

Your thoughts on my approach and the issue that I've raised regarding purifying the url's when there are < or > in addition to my thoughts on the typo on the last line would be appreciated.

Cheers!

-Eric
CodeCogs\′s Photo
10 Sep 11, 11:33AM
Eric,

I agree with both of your previous posts. We'll certainly implement this into the next edition and encode < >.

The code you've shown above sound work perfectly, though as you point out in your first post why don't you URL Encode the whole thing?, i.e.

name ='http://latex.codecogs.com/gif.latex?'+encodeURIComponent(sName[2]);

I've not tried this, so you might find encodeURI is sufficient, also though that doesn't appear to encode +.

--

Regarding the error you notice in the last line. It absolutely should read "tinyMCE.execCommand(...)" as you've shown. However I've check our source and its all correct. Could it be your using an old version of the code? I've check the zip that you can download online and it also appears correct. Do you have a URL for the faulty code?

Thanks Will
kreut\′s Photo
10 Sep 11, 1:59PM
Will,

Thanks for the feedback and for telling me about the encodeURIComponent. Again, as I mentioned, I'm a bit of a javascript newbie AND I had not even heard of URL encoding until about 4 days ago when I implemented the htmlpurifier and saw that it was changing my CodeCogs code. Regarding the exceCommant, I fear that I don't have a URL for the faulty code. Perhaps I somehow typed a t there by accident? Regardless, from a user's perspective even if it were there (which it sounds like it's not in the source!), it really didn't affect the User's experience.

Finally, I think that enocding < and > in the next edition will certainly be of help.

Enjoy your weekend!

-Eric
Currently you need to be logged in to leave a message.