[ZDP] Distributed authoring test

Craig Allen cba@mediaone.net
Sun, 23 May 1999 16:24:03 -0400


I've created a prototype system for allowing "anonymous" contributions to the
ZDP.
It's at http://zdp.zope.org/guide/contributions/chapter1/

==>>> I haven't reset any of the security settings, so it will ask for a login
if you try to contribute.  Only the people who currently have write access to
the ZDP site will be able to log in and contribute.  I did this so that folks
could look at in and see if we want to pursue something like this.

Right now the URL above will take you to a test environment that devoid of
*worthwhile* content.  Note that the newer docs (at the bottom of the list in
the table of contents) have somewhat better formatting and features.

There is at least one problem that I see, and I thing it's a Zope issue. 
Contributions are created in pairs, a shell DTML Document that calls the actual
text that is stored in a companion DTML Method.  I did this for several reasons:
 - supporting the use of structured text if contributors wanted to use it; and
 - removing (translating using the 'html_quote' attribute) HTML tags so that
viewers can see what was written without their browser rendering it.
However, DTML is still rendered.  Is this a security risk?  Do we need a new
attribute like 'DTML_quote' that would deactivate DTML tags?
Also, HTML tags in structured text contributions are rendered, as the
'html_quote' seems to break the use of stx.

Please take a look and see if this is worth pursuing, if the issues I've
identified (and the likely many I haven't noticed!) can be remedied.  And
suggestions for improvements are always welcome.

- Craig
-- 
Craig Allen  - Managing Partner - Mutual Alchemy
Information Architecture - http://alchemy.nu