I updated https://github.com/mdipierro/editablebody
Now only the content of tags with class="editable" are editable unless the ?body=true is set. This needs to be set server side based on permission and also validated server side using, for example, beautifulsoup. Although validation is not really critical. If users want to tamper with pages they have write permissions on it not necessarily a big deal.. Massimo On Monday, 23 April 2012 14:21:08 UTC-5, Jonathan Lundell wrote: > > On Apr 23, 2012, at 12:02 PM, Massimo Di Pierro wrote: > > This is not the same as before. Anyway, I am not sure myself this is a > good idea but, in principle there is no need to make the entire page > editable. The editable part can be restricted to one div in the page > (perhaps more than one div eventually). In that case it will be possible to > swap themes as long as they have compatible divs (same ids). > > > That, I think, is the key to making this approach useful. One thing that > might help would be to have levels of authorization, along the lines of > designer/administrator/user, presumably using web2py roles, so that > different kinds of users would have more or less restricted editing access. > > The least permissive level would be a block that allowed text-only entry, > with no markup at all. Up from there, some kind of safe-markup-only > restriction, along the lines of what a WordPress author is allowed to do > through its editor. Think web2py validators, perhaps. > > In Expression Engine, when you edit a page the various containers on a > page are presented as an html form. So suppose your "more than one div" > above were mapped into a form, one field per div, with validators enforcing > the content restrictions. A page with a calendar entry might offer fields > for date, title and description, where date had a date validator, title a > text-only validator with a length restriction, and description allows safe > markup. > > If the underlying template allowed enough metadata to label the fields and > perhaps supply col3 help, you'd be all set. And all leveraging existing > web2py capabilities. >
