Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

TinyMCE security question: How do you prevent malicious input?

Tags:

javascript

security

php

codeigniter

tinymce

How do you prevent malicious input in WYSIWYG editors like TinyMCE?

I have a system with users who are not "tech savvy" (so no WMD) and need a rich text editor that posts its content into a database.

I'm worried about scripting attacks and malicious input code.

like image 972
Walker Avatar asked Jun 15 '10 21:06

Walker

1 Answers

If you only want safe html then you should use the HTML Purifier. If you want to protect against XSS and block all html then you should use $var=htmlspcialchars($var,ENT_QUOTES);

like image 144
rook Avatar answered Sep 23 '22 16:09

rook
Sign in to Comment

Related questions

Speeding up levenshtein / similar_text in PHP
prepared parameterized query with PDO
How to efficiently paginate large datasets with PHP and MySQL?
Extended class not found when Base class is in a separate include file
PHP best practices: repass variables from config file when calling functions or use global?
PHP forum software that integrates easily with existing website? [closed]
Any PHP IDE written in C? [closed]
PHP preg_replace non-greedy trouble
PHP script stops running arbitrarily with no errors
mysql_real_escape_string alternative for SQL Server [duplicate]
How to make my code more secure
Replacing based on position in string
PHP rounding problem (5.2.3)?
PHP - Access object properties without case sensitivity?
What to store in a session?
get or session?
How much data can be sent via $_GET
How server manage different user's requests at a time?
Check if db connection is closed - php
Am I supposed to store hashes for passwords?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!