Andre's Blog
Perfection is when there is nothing left to take away
Getting into blogging, the ASP way

I finally decided to start a web log and decided this time around look for an out-of-the-box solution, rather than trying to create one. All I needed was a simple and secure interface, without any unnecessary functionality I would have to audit for security and find ways to disable.

The first surprise was that the search list came back pretty short - about a dozen blogs. Some of these were pretty pricey - (e.g. DMXReady at $199 USD for a single site license) and some just didn't look right. Eventually, a couple of those I looked at caught my attention - Forest Blog, dBlog and Battle Blog and I decided to give them a try.

Battle Blog, while looked quite similar to what I had in mind, required MS Access or SQL Server, so I decided to put it away. I probably could install the express edition of SQL Server, but I was already running MySQL on my server and didn't want to install and maintain yet another DBMS.

dBlog appeared to support only MS Access, although I couldn't say for sure, as installation instructions were in Italian.

Forest Blog, on the other hand, looked very nice. It had a great installation wizard and after clicking through a few pages, I had a usable blog, although I did have to allow writing within the web root in order for the wizard to complete. Those who are not careful with their security settings may end up with a vulnerable website.

Once installed, Forest Blog offered many nice features and I almost ended up deploying it. However, there were two things that made me re-think this. First, for some strange reason, Forest Blog was written not to use HTTP redirect and many pages came back with an annoying "if this page does not automatically refresh... click here" message. It was strange, since this technique is only used where there is no control over HTTP headers. Another thing was actually a pretty cool JavaScript editor called FCKeditor, which came with a bunch of server-side ASP files that appeared to some do file I/O, such as uploads, written in the worst language of them all, Visual Basic, which I don't know that well and wasn't particularly thrilled to learn just for that.

So, I figured that if I wanted a small, reasonably secure web log written in JavaScript and using MySQL, I would have to write my own. I gave it some thought for a couple of weeks and started typing on Friday, March 21nd. The first version of the blog was deployed Sunday night.

All in all, I managed to squeeze in more than I initially intended. Besides the obvious posting and simple calendaring, I added categories, multiple user support and the ability to save draft posts. I was pretty excited about the whole thing when it occurred to me that instead of typing posts in HTML, as I originally intended, I can plug in one of the JavaScript editors I saw in the blogs I reviewed.

I ended up looking at the FCKeditor and TinyMCE. I know, I know, just a few days before I thought FCKeditor had too much server-side stuff, but it looked very robust and produced better HTML than others. TinyMCE, on the other hand, was written completely in JavaScript, so I decided to give it a try.

One thing about TinyMCE was that it only generated XHTML and if it was used on a good-old HTML website, would produce bad output (i.e. <p/abc/ is valid HTML - look it up!). I couldn't find anything in the configuration and posted on TinyMCE forums Saturday night. I was pleasantly surprised to see an immediate response with a usable way to strip off the trailing slash from such XHTML elements as <br />. That settled it and I ended up using TinyMCE.

Well, there you have it - if you want an ASP blog written in JavaScript and talking to a MySQL database, you just have to write your own!

April 5th, 2008

Well, after using TinyMCE for about two weeks, I wasn't as thrilled about it. The editor simply didn't handle HTML beyond simple formatting, so I decided to switch to FCKeditor. Removing all server-side files made it just as secure, but FCKeditor turned out to be just so much better when it comes to editing!