Need a Standard Wiki Syntax? Try HTML
I've said it before, and I'll say it again - the best syntax you can use for your wiki is HTML, or probably better XHTML. It's a defined standard with a wide range of excellent WYSIWYG editors, it's well known, very portable and saves you from having to write a converter to display your wiki pages.
David Van Couvering is the latest to complain about incompatible wiki syntax and he's certainly not alone in his frustrations. People don't want to have to learn yet another crazy wiki syntax, they want an intuitive interface that just lets them write their content. HTML provides far more flexibility than any wiki syntax, particularly around tables, which makes presenting data a lot easier.
The only real drawback of HTML I've seen is if someone needs to go outside of what the WYSIWYG editor can do, or if they're using an exceptionally unusual browser that the editor doesn't support, they are confronted by all those angle brackets. Of course, if people need to go beyond wiki syntax they just plain can't and wiki syntax isn't really that much better.
The best answer I can provide to that is to pick an editor that supports as many browsers as possible and with a good source view. Most editors have a fair bit of work to do on their source view because most users don't use it. Despite that, I'm beginning to think it may be an advantage to have a top notch source view just to counter the argument that HTML source looks ugly compared to wiki syntax. If we can improve the source editor to the point where it's a joy to use, we might get more wikis to start using HTML instead of inventing another non-standard syntax that locks it's users in.
See also: Wiki Syntax Considered Harmful
January 28th, 2007 at 12:47 am
Using HTML has a couple of disadvantages. The first is that it’s more work than most wiki markups - manually adding p tags to every paragraph for tomorrow is just enough effort to make the tool stop being transparent (you have to think about how you’re editing the wiki, not just what you’re editing). More importantly, safely enabling HTML is actually a surprisingly trick problem. You have to defend against a myriad of nasty tricks for embedding XSS attacks, as well as making sure people can’t break your site’s layout. MySpace have had an enormous number of security problems as a direct result of letting people use HTML directly.
January 28th, 2007 at 1:25 am
Just read your previous entry in which you address those issues (a WYSIWYG editor and Tidy-based filtering). I think it’s very easy to underestimate the size of the XSS problem - for example, filtering javascript: links isn’t enough - you alse need to filter vbscript: and jscript: and a whole bunch of other weird variations. You need to use whitelisting rather than blacklisting, but you still need to know about the weird undocumented features of various browsers (LiveJournal had an XSS in Firefox a while back because they allowed CSS, and Firefox CSS can embed XBL files which are executable code).
January 28th, 2007 at 6:56 am
Simon,
All the problems with filtering HTML also apply to RSS, Atom etc so it’s a well defined and solved problem, you just need to look up the right answers. Whitelisting is the answer and makes it quite simple - plus with a WYSIWYG editor, it should be transparent to users because the editor wouldn’t add any markup that is allowed. The cleaning of course still occurs server side for security, just that users who use the WYSIWYG editor won’t have any of their content changed.
Secondly, these problems only apply to publicly editable wikis. While the most visible use of wikis are the public facing ones, there are actually a vast number of wikis which are internal to organizations and thus have a trusted set of users. If any of your employees add XSS attacks, you fire them and it doesn’t happen again.
January 30th, 2007 at 9:47 am
…or maybe the alternative is for the wiki to provide a WYSIWYG editor for their syntax.
January 30th, 2007 at 12:22 pm
Except that the amount of effort required to create a WYSIWYG editor of a suitable quality is huge and it’s not worth doing that for every single different wiki syntax. Besides which, that doesn’t solve the problem of being locked into a particular wiki because of it’s specific syntax.
February 7th, 2007 at 1:01 am
Wikis are web pages (editable)…
What is the distincive feature about Wikis? Is it Wiki an online encyclopedia, a site that uses Wiki markup, or a website that is editable by everyone? I think the main distinctive trait of Wikis is easy editing. Wikis are webpages that are eas…
September 24th, 2007 at 5:17 pm
[...] Wiki syntax is the other big bit of legacy cruft - it's probably the biggest barrier to wiki adoption now and wiki creators are all scrambling to add WYSIWYG editors instead but many are struggling to make it all work because wiki markup is so non-standard. Should have used HTML instead… [...]