With TinyMCE, do you need to handle HTML markup?
3 answers
You can never rely on a client to ensure that the content they host on your server is safe.
It's too easy for a potential attacker to disable these client-side measures and submit any dangerous content they want.
Therefore, you always need to validate your content on the server side, no matter which editor you are using in the browser.
+2
We use "valid element" checking to make sure that we only get standard HTML from the editor. No scripting, no events on attached tags (like anchor tags with onclick events). Just boring, plain HTML.
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements
0