CKEditor 4
Mon, 11/03/2014 - 22:10
#1
check3r
check3r's picture
Joined: 03/11/2014
Posts: 1

Prevent scripts

Hello,

I like CKEditor very much. But I'm facing a problem.

CKEditor produces HTML. But I must check on the server side that there are not scripts in the HTML (to prevent XSS). Also it would be great to have a whitelist of allowed html tags and forbid all others like iframes.

I consider using htmlpurifier but I'm not sure if that is the common way to do it.

I'm looking for a solution in PHP.

Kind regards

Top
Mon, 11/03/2014 - 23:05
reinmar
reinmar's picture
Joined: 24/08/2012
Posts: 631

It's not the best place to

It's not the best place to ask this question, because it's related to PHP and not CKEditor. But quick check in Google and some questions on StackOverflow seem to confirm that htmlpurifier is the right solution.

Piotrek (Reinmar) Koszuliński
CKEditor JavaScript Developer
--
CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check