I wanted to see what some informed users' opinions are on this problem. We've previously used htmlarea but came off of it because there is a possible security issue where if a user pastes JS into the editor the browser will sometimes execute it. I'm not sure of the details but that's how the issue was raised with me. I'm wondering, since FCKeditor seems to use the same architecture, if that's an issue? The problem stems from users being able to input JS which will then automatically be executed by others etc.
Mon, 02/28/2005 - 02:40
#1
RE: Filter pasting of JS text..
Boils down to:
Every single field in every web page should have 'buffer protection', to use a lame metaphor. Doesn't matter if you are using a super-cool-mega-spiffy extensible wysiwyg editor like FCKeditor or a plain old <input type="hidden">.
What a pain in the ass, neh?