Hello,
I'm thinking of buying a "Corporate Web Sites" licence, but before I do this, I've got a question.
I want to use this for a CMS system and I'm not sure how I can solve this problem:
For sure, HTML is allowed (you're not allowed to write your own HTML code). So now:
I won't do htmlentities() in the PHP code because I want the users to be able to use the WYSIWYG editor. But what if they manipulate the sent code and just close DIV containers or something like this?
I'm not sure how to solve this, because this is a really bad security problem.
How can they manipulate this?
The most simple thing would be to write your own form and send it to the page.
Well... I'd be very happy if someone could help me with this.
Cu
Unknown Soldier

Re: The Security of CKEditor