Jennifer Lea Lampton

Configuring WYSIWYG editors in Drupal is now more complicated than ever. First you need to choose which editor you like. Then you need to install and configure a handful of additional modules to make your chosen editor work in Drupal. All that is followed by a period or pulling your hair out, banging your head against your keyboard, and frantically googling for instructions on how to get everything to work nicely together. When you’re finally done and get something working, you probably don’t even realize that you’ve exposed yourself to a potential security vulnerability. I’d like to share with you a best-practice approach for setting up a secure, usable WYSIWYG editor in Drupal 7. I'll also demonstrate several secure techniques for embedding images inline using image styles and captions.

The modules I’ll be demonstrating include:

• WYSIWYG API
• Better Formats
• Insert
• Caption Filter
• Image Resize Filter
• FileField Sources
• IMCE
• IMCE WYSIWYG API Bridge
• WYSIWYG filter

Update: After my presentation someone asked for the site I'd built in the hour, so I've attached a tar of the site and it's database to this post.