security and wysiwyg form editors
I posted not too long ago asking for recommendations for wysiwyg form editors, i.e. I want my users to be able to use a wysiwyg editor when using my site. I got a lot of great recommendations, but now I have another question. How do you handle security with these and prevent things like xss, since these editors typically send html text? I know that parsing html is one option, but it is not simple. If you're curious about the difficulties in "cleaning" up html then read this: http://namb.la/popular/tech.html
What would be ideal is a wysiwyg editor that doesn't pass pure html but something like bbcode or markdown. Anyone have any recommendations?
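
A sketch of the approach the question asks about, added here as an example and not part of the original post: the server accepts a small BBCode subset instead of HTML, escapes every HTML metacharacter first, and only then emits tags from a fixed allowlist. The function names (`escapeHtml`, `isSafeUrl`, `renderBbcode`) and the chosen tag set are assumptions made for illustration.

```javascript
// Added example: render a BBCode subset to HTML without ever trusting user HTML.
// All helper names below are hypothetical, not from any particular editor or library.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every HTML metacharacter so user input can never open a tag or an attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Only absolute http(s) URLs are linkable. Other schemes (javascript:, data:, ...),
// whitespace, and leftover markup characters cause the link to be rejected.
function isSafeUrl(url) {
  return /^https?:\/\/[^\s"'<>\[\]]+$/i.test(url);
}

// BBCode tag -> the HTML element we generate for it. Nothing else is ever emitted.
const SIMPLE_TAGS = { b: "strong", i: "em", u: "u" };

function renderBbcode(input) {
  // Step 1: escape first. After this the string contains no live HTML at all.
  let out = escapeHtml(input);

  // Step 2: turn allowlisted paired tags into fixed HTML that we write ourselves.
  for (const [bb, html] of Object.entries(SIMPLE_TAGS)) {
    const re = new RegExp(`\\[${bb}\\]([\\s\\S]*?)\\[/${bb}\\]`, "gi");
    out = out.replace(re, `<${html}>$1</${html}>`);
  }

  // Step 3: [url=...]label[/url]. The URL is already entity-escaped, so it cannot
  // break out of the href attribute; unsafe URLs leave the markup as inert text.
  out = out.replace(/\[url=([^\]]*)\]([\s\S]*?)\[\/url\]/gi, (whole, url, label) =>
    isSafeUrl(url) ? `<a href="${url}" rel="nofollow noopener">${label}</a>` : whole
  );
  return out;
}

// Constructed sample inputs: raw HTML is neutralised, allowlisted markup is rendered.
console.log(renderBbcode("<script>alert(1)</script> and [b]bold[/b]"));
console.log(renderBbcode("[url=https://example.com/?a=1&b=2]site[/url]"));
```

Because the only HTML in the output is what the renderer itself writes, there is no HTML parsing or "cleaning" step to get wrong; mis-nested BBCode can still produce mis-nested tags, which is a layout problem and not a script-injection one.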
